(START CUT AND PASTE SECTION - ORIGINAL USPTO DPP & USPTO PPA TEXT ADDED BACK IN AFTER USPTO OFFICE OF INITIAL PATENT EXAMINER'S EDITING OUT FOR BREVITY)

(NOTE TO PATENT EXAMINER: THIS CUT AND PASTE SECTION OF AMEND A, DATED 12/2007, IS NOT 'NEW TECHNICAL MATERIAL' OF AMEND A, BUT SIMPLY VERBATIM, RE-INSERTED, KEY EXCERPTED MATERIAL OF THE ORIGINAL USPTO DPP (DPP SERIAL NUMBER: 510,130, DPP DATED: 5/1/2002) AND USPTO PPA (PPA NUMBER: 60/441,189, PPA DATED: 1/21/2003), SUBSEQUENTLY 'EDITED OUT' BY THE USPTO OFFICE OF INITIAL PATENT EXAMINER'S (USPTO OIPE) FOR REASONS OF PRODUCING BREVITY, AND FOR THIS AMENDMENT A THE APPLICANT HAS SIMPLY RE-INSERTED THIS SECTION.)

BACKGROUND - Field of Invention:

A preferred embodiment of the invention of a new type of public key cryptography architecture is introduced for internet "downloaded" central distribution of custom encrypted digital media over a prior art customer personal computer (PC) with attached physical media drives with physical, portable media and also attached media ticket smart card readers holding media ticket smart cards, which portable media is manually transferred or "footprint downloaded" along with the physical digital media for playing upon a new type of cryptographic media player [REF 508] having a built-in media ticket smart card reader. The portable media may also come directly from the retail store.

A 1st alternative embodiment of the invention uses custom encrypted high definition "big screen" television (HDTV) and standard definition television (SDTV) digital transmitted MPEG II compressed digital signals to transfer the media to home television sets over the airwaves, transmitted over cable systems using fast, digital, cable broadband modems, transmitted over the phone system using fast, digital, asymmetric digital subscriber line (ADSL) broadband modems, transmitted over direct broadcast satellite (DBS) systems, transmitted over "wireless Ethernet" Institute for Electrical and Electronic Engineers Standard (IEEE) 802.11g (54 Mega bits/second) signals, and also transmitted over physical transfer channels using entertainment store purchase of digital versatile disks (DVD) pre-programmed with digital media. The customer's unique media ticket smart card with custom play codes and play counts must be programmed over a separate internet based personal computer (PC) system with an attached media ticket smart card reader. The relevant television must have a special cryptographic set-top box, of some implementation design form. A relevant digital versatile disk (DVD) player for custom cryptographic media must have a built-in media ticket smart card reader with the proper media ticket smart card inserted.
A 2nd alternative embodiment of the invention uses digital versatile disk (DVD) as a physical transfer channel to distribute commercial movies to movie theaters with the customer/theater owner's unique media ticket smart card programmed with custom play codes and play counts over a separate internet based personal computer (PC) system with a media ticket smart card reader. The digital, micro machine module (MMM) based movie projector with up to 30-channel theater-type sound system and even multi-dimensional sensory digital outputs such as seat vibration units, seat temperature units, and olfactory units must have a built-in media ticket smart card reader with the proper media ticket smart card inserted.

This invention relates to a specific new type of process or system of implementing a public key cryptography architecture implementing a system of processes with both prior art hardware, software, protocols, and cryptology algorithms and the inventor's new art cross-referenced systems components.

The prior art hardware components and new art hardware components based upon the inventor's cross-referenced patents (see CROSS-REFERENCES TO MY RELATED PATENTED INVENTIONS Section), or else based upon public domain published research from the inventor's technical journal articles, or else based upon the inventor's already published US patent material without relevant subject patent filing within expiration of the US Patent Office's (USPTO's) "one year publication rule" for any form of public publication or public dissemination of information are:

media ticket smart cards (880) (prior art),

media ticket smart card readers (900) attached to standard personal computers (PC's) (820) using universal serial bus (USB) cables (prior art),

(optional) bio-identification digital fingerprint readers attached to the media ticket smart card readers (used instead of a passphrase/passcode entered into a toggle field with display for customer identification),

local area networks (LAN's) (924) (prior art),

internet protocol wide area networks (IP-WAN's) (928) (prior art),

commercial personal computers (PC's) used as clients (820) (prior art),

world wide web (WWW) servers (824) (prior art),

cryptographic media players (700, 720, 1000, 1004) with built-in media ticket smart card readers and media drives for different format commercial medias, patent pending [REF 508],

cryptographic digital signal processors (C-DSP's) (932) [REF 500] used inside of cryptographic media players (700, 720, 1000, 1004) [REF 508], [REF ] and other open systems computing components.

The software components involved are:

high security server operating systems (HS-OS's) (920) (prior art),

cryptographic algorithms (prior art), and

cryptographic protocols (prior art).

The system wide goals of this invention are to provide a new method or process of using existing hardware components to provide centralized web server support and worldwide computer industry and internet standards and processes for:

1) Public key cryptography and private key cryptography in a hybrid use called hybrid key cryptography specifically tailored to the application of world wide web (WWW) centralized media server (WWW server) based internet distribution and download to prior art customer personal computers (PC's) of custom encrypted, commercial digital media limited to media which can be real-time, custom decrypted upon a specialized cryptographic media player [REF 508] (e.g. digital movies, digital music, electronic newspapers, and electronic books).

The internet download occurs from web media servers to customer's commercial prior art personal computers (PC's) containing drives holding digital physical media, for example digital versatile disks read/write (DVD-RW (R), DVD+RW (R)), compact disk record once media (CD-R), or flash type solid state memory cards (FLASH (R)).

The internet download occurs from web media servers to 
customer's commercial prior art personal computers (PC's) 
containing built-in media ticket smart card readers with the 
customer's inserted media ticket smart card which controls media 
replays. 

A cryptographic media player with a built-in media ticket smart 
card reader and built-in media drive to play the custom encrypted 
media. 

Also in a separate application called the 1st alternative embodiment, the custom encrypted digital media can be broadcast as high definition television (HDTV) and standard definition television (SDTV) signals to an "over the airwave" set-top box on top of a digital television monitor or else a set-top box built inside of a home digital television. The "over the airwaves" set-top box will be a cryptographic media player with a built-in media ticket smart card reader to control media replays. An external or built-in digital versatile disk (DVD-RW or DVD+RW (R)) drive or smart digital recorder will digitally record the custom "cipher text" or pre-encrypted medium. Also in the 1st alternative embodiment, the custom encrypted digital media can be transmitted over a fast broadband cable line to an over the television monitor cable set-top broadband cable modem box or over a fast asymmetric digital subscriber phone line (ADSL) to a fast broadband ADSL set-top box. The direct broadcast satellite (DBS) service (e.g. Hughes DSS (R), Echostar (R)) set-top box can also receive the same format custom "cipher text" or pre-encrypted HDTV/SDTV signals if it uses a cryptographic digital signal processing (C-DSP) unit. The set-top box or built in set-top box is a cryptographic media player able to control media replays through decryptions using the media ticket smart card. The cable modem or ADSL modem set-top boxes (with a return channel) can even have fully interactive digital electronic television guide information and future recording customer instruction using a simple spreadsheet or matrix type of graphical user interface (GUI) included for removal and display on the digital television monitor's picture in a picture (PIP) screen.

In a 2nd alternative embodiment of a movie theater application, a special movie, cryptographic media player (patent pending) [REF 508] with built-in media ticket smart card reader to control media replays will exist for commercial movie distribution to movie theaters of two disks per intermission interval for movie content plus an additional disk for local advertising, custom encrypted digital versatile disks read/write (DVD-RW, DVD+RW). This cryptographic media player will be integrated with a micro-mirror machine module (MMM) for digital movie theater color projection systems. The movie theater may also have an up to 30-channel theater type sound system. Future units will even have olfactory units, seat vibration units, and automatic theater light and drapery control. Digital versatile disk read/write (DVD-RW (R) or DVD+RW (R)) consists of 4.9 Giga bytes (4.9 thousand Mega bytes)/disk single sided and single layer. Greater capacity can be had using double sided and double layer digital versatile disks (DVD-RW (R) or DVD+RW (R)) for up to 20 Giga bytes (20 thousand Mega bytes)/disk of digital storage. Low quality, color, audio (2-channel)/video compressed digital MPEG IV is recorded at only 3 Mega bits/second or about 0.37 Mega bytes/second. Higher resolution MPEG IV can be recorded at 3 Mega bytes/second. Even the high resolution MPEG IV recording rate allows recording of up to 6,667 seconds or 1.85 hours per double sided and double layer digital versatile disk of very high quality MPEG IV compressed audio (2-channel)/video. A second double sided and double layer digital versatile disk read/write (DVD-RW, DVD+RW) drive can simultaneously read in additional audio channels for up to 30-channel Dolby (R) types of theater sound systems. Digital versatile disk (DVD), concert quality sound is left uncompressed and recorded at a 44 Kilo Hertz rate with 16-bits/sample or 2 bytes/sample or a 88 Kilo bytes/second/channel data recording rate neglecting an extra 10% for error detection and error correction parity coding. 30 Dolby (R) channels takes a total of 2640 Kilo bytes/second or about 2.7 Mega bytes/second.



The second disk will even have spare capacity for additional future special effects in n-dimensions such as seat vibration unit effect track recordings, olfactory (smell emitter) track recordings, automatic theater light and drapery controls, nationwide and local theater commercial tracks, public service messages, etc.

The separate MPEG X audio stream and MPEG X video streams can be correlated with the MPEG IV "presentation time stamps (PTS)" and MPEG IV "system clock reference (SCR)" which is the initialization setting for a target system's hardware based digital timer. The session key hardware decrypted MPEG IV de-compressed digital output can be used to drive a micro-mirror machine module (MMM) for sharp, ultra-bright, theater type projection systems.

Two additional digital versatile disks read/write (DVD-RW (R), DVD+RW (R)) can be inserted after intermission for up to 3.7 hour theater presentations.

This custom encrypted physical digital media can be customer personal computer (PC) copied an indefinite number of times for legal copyright law personal use and archiving and in case of lost, stolen, defective, or disputed media ownership called "fair use". This media is useless without the matching crypto keys or "play codes" and "play counts" in the customer's media ticket smart card. The matching customer "play codes" and "play counts" in the customer's media ticket smart card can be stored in a back-up card in case the media ticket smart card is lost, stolen, defective, or of disputed legal ownership. The registered customer can always get a new media ticket smart card from the public key distribution authority in case of a lost, stolen, defective, or disputed legal ownership media ticket smart card.

The custom encrypted digital media can be entirely sold or given away by physical digital media copying on a personal computer in something called legal "first use." The physical media is useless without transfer of the crypto keys or "play codes" and "play counts" from the customer's media ticket smart card to the buyer's media ticket smart card. The custom encrypted media cannot be played without a matching programmed media ticket smart card inserted into a cryptographic media player [REF 508]. The matching customer "play codes" and "play counts" in the customer's media ticket smart card can be stored in a back-up card in case the media ticket smart card is lost, stolen, defective, or of disputed legal ownership which may in turn be illegally sold or given away. The registered customer can always use a cryptographic media player to legally transfer the crypto keys in his own media ticket smart card to the buyer's media ticket smart card with subsequent registration over an Internet connected personal computer.
Transfer of cryptographic keys called "play codes (encrypted session keys or one-time secret keys)" and "play counts (accounting counts of number of media decryptions legally allowed)" from one person's media ticket smart card to a backup media ticket smart card may be required for legal "fair use" back-up. Transfer of cryptographic keys for a registered customer from the public key distribution authority to a newly minted media ticket smart card may be required to replace a lost, stolen, defective, or disputed legal ownership media ticket smart card. Transfer of cryptographic keys from one person's media ticket smart card to another person's media ticket smart card may be required for legal "first use" transfer.

2) Internet download of cryptographic keys being play codes (session keys or one-time secret keys) and also play counts (paid for accounting numbers of plays also known as custom decryption counts, -1 for an infinite number of plays, or else allowance of free trial plays) occurs to a media ticket smart card. Before a media play, also called a decryption, the play counts are decremented on the media ticket smart card by the cryptographic media player [REF 508].

3) Internet update of play code (session keys or 1-time secret keys) and play counts (paid for plays or counts of free trial plays) held by a particular customer's personal media ticket smart card inserted into a built-in media ticket smart card reader on the customer's world wide web connected personal computer.
4) Physical transfer of custom encrypted digital media and a programmed media ticket smart card from the customer's personal computer (PC) to a cryptographic media player [REF 508] (e.g. cryptographic "MP3" music player where MP3 stands for Moving Picture Electronics Group standards 1 audio layer 3 (MP3) (audio only) compressed digital signals, cryptographic electronic book readers, cryptographic digital versatile disk (DVD) home movie players, cryptographic digital versatile disk (DVD) theater movie players containing physical digital media drives and a built-in media ticket smart card reader).

5) If play counts (counts of paid for plays or counts of free trial plays also known as custom decryption counts) contained on a media ticket smart card are greater than one, it is decremented and restored on the media ticket smart card. The play code (a session key also called a one time secret key) on the media ticket smart card is retrieved into the cryptographic media player's [REF 508] cryptographic digital signal processor (C-DSP) having tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM) [REF 500]. The media ticket smart card can then be removed from the cryptographic media player [REF 508] for wallet storage or left in place. The custom encrypted digital media limited to real-time decrypted digital music, digital movies, electronic books (e-books), and electronic newspapers is then played upon the cryptographic media player [REF

6) Non-copyrighted commercial material and home-made material which is never custom encrypted may be "played" by the cryptographic media player in non-encrypted form an unlimited number of times.

7) Full compliance with the US Copyright law in terms of legal "fair use" which is one to two copies of US Copyrighted material for archiving and records storage. "Fair Use" allows for a back-up copy in case of accidental damage, theft, natural disaster such as fire, flooding, storms, allows for disputed legal ownership (as any divorced person will support), also one or two convenience copies at different locations used by the same legal owner. A home copy and a portable vehicle copy is the marketing minimum requirement, but not the legal requirement.

Full compliance with legal "first use" of US Copyrighted 
material which is the legal owner's right to sell or entirely give 
away the material in legal ownership transfer to another legal 
owner. 
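The play code and play count handling described in goals 2 through 6 above, modelled as an added example that is not part of the original application: a card object holding a play code (session key) and a play count per media title, a player that obtains the key only after the card has decremented the count, and the "fair use" backup and "first use" transfer operations. The class and method names, the handling of the -1 sentinel, and the SHA-256 counter-mode keystream that stands in for the player's hardware cipher are all assumptions of this illustration, not the patent's own design.

```python
import hashlib
from dataclasses import dataclass, field

UNLIMITED = -1  # play count value the text reserves for an infinite number of plays


@dataclass
class Ticket:
    play_code: bytes  # session key (one-time secret key) for one media title
    play_count: int   # remaining paid-for or free-trial plays, or UNLIMITED


@dataclass
class MediaTicketCard:
    """Customer's media ticket smart card (field layout is an assumption)."""
    owner: str
    tickets: dict = field(default_factory=dict)  # media_id -> Ticket

    def load(self, media_id, play_code, play_count):
        """Internet download/update of a play code and play count (goals 2 and 3)."""
        if play_count < UNLIMITED:
            raise ValueError("play count must be -1 (unlimited) or >= 0")
        self.tickets[media_id] = Ticket(play_code, play_count)

    def release_play_code(self, media_id):
        """Goal 5 as seen by the card: decrement the count first, then hand the
        play code to the player. Returns None when no plays remain."""
        t = self.tickets.get(media_id)
        if t is None or t.play_count == 0:
            return None
        if t.play_count != UNLIMITED:
            t.play_count -= 1  # decremented and written back on the card
        return t.play_code

    def backup_to(self, backup_card):
        """'Fair use' backup: copy codes and counts to a card of the same owner."""
        if backup_card.owner != self.owner:
            raise PermissionError("backup card must belong to the same customer")
        for media_id, t in self.tickets.items():
            backup_card.tickets[media_id] = Ticket(t.play_code, t.play_count)

    def transfer_to(self, buyer_card, media_id):
        """'First use' transfer: the ticket moves to the buyer and leaves this card."""
        buyer_card.tickets[media_id] = self.tickets.pop(media_id)


def keystream_xor(key, data):
    """Counter-mode keystream from SHA-256 XORed over the media bytes. A constructed
    stand-in for the player's hardware cipher, not the patent's algorithm; since
    XOR is its own inverse the same call encrypts and decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class CryptographicMediaPlayer:
    """Player with built-in card reader; keeps the released key only in its own
    store, standing in for the C-DSP's tamper-resistant memory."""

    def __init__(self):
        self._key_store = {}

    def play(self, card, media_id, ciphertext):
        """Returns the decrypted media, or None if the card grants no play."""
        key = card.release_play_code(media_id)
        if key is None:
            return None
        self._key_store[media_id] = key  # card may now be removed for wallet storage
        return keystream_xor(key, ciphertext)


def demo():
    """Purchase with 3 plays, two plays by the buyer, first-use transfer, then
    the seller is refused and the new owner gets exactly the remaining play."""
    play_code = hashlib.sha256(b"constructed session key for movie-1").digest()
    ciphertext = keystream_xor(play_code, b"custom encrypted movie frames")

    alice = MediaTicketCard("alice")
    alice.load("movie-1", play_code, 3)
    player = CryptographicMediaPlayer()
    alice_plays = [player.play(alice, "movie-1", ciphertext) for _ in range(2)]

    bob = MediaTicketCard("bob")
    alice.transfer_to(bob, "movie-1")  # ticket leaves Alice's card entirely
    bob_plays = [player.play(bob, "movie-1", ciphertext) for _ in range(2)]
    return {
        "alice_plays": alice_plays,
        "alice_after_transfer": player.play(alice, "movie-1", ciphertext),
        "bob_plays": bob_plays,
    }


if __name__ == "__main__":
    print(demo())
```

Two points the walk-through makes concrete: the ciphertext can be copied freely (it is only bytes) but decrypts only through a card that still holds a positive or unlimited count, and a first-use transfer pops the ticket off the seller's card rather than copying it, which is what keeps a resale from doubling the number of plays.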

The standards used are proposed industry wide standards which will hopefully progress from USPTO patent licensed commercial use by one or more corporations, slowly emerging as a de facto, winning or free markets winning public key cryptography architecture standard, and then becoming a proprietary de facto standard (accepted by widespread commercial use after market introduction by one corporation), into industry standards set by the US Recording Industry Association of America's (RIAA's) Secure Digital Music Initiative (SDMI), US National Association of Broadcasters (NAB), and the Electronic Industry Association (EIA), and then to nationally standardized bodies such as the American National Standards Institute (ANSI), and international standards bodies such as the International Telecommunication Union (ITU). The US Federal Communications Commission (FCC) may be involved in US jurisdictional legal regulation of US airspace, US cable, and US phone systems.
Discussion of Prior Art:

Prior Art Legal Environment 

Previous to year 2002, internet based US and European digital media distribution architectures have fallen in violation of the US Copyright laws. Peer to peer architecture media distribution schemes (e.g. Napster (R), Gnutella (R), MP3 Dot Com (R), etc.) connect home personal computers to gather digital media directly from other home personal computers through a world wide web server based central addressing and database function. These services have allowed customers to distribute to other customers digitally compressed free music and free movies without authorized licensing or rightful payment to copyright owners. Music distribution companies alone, due to the much shorter computer "download" time of compressed digital music (with current technology in y. 2002 about five minutes per compressed digital song vs. 2 hours per compressed digital movie), are losing a recently estimated 2-3 billion dollars a year in revenues in a worldwide music industry estimated at y. 2002 50 billion US dollars in revenue (about 4-6% of product sales). In y. 2002, due to the minimum 2 hour download time for a feature length movie even with compressed MPEG IV digital, Hollywood movie sales are not yet significantly impacted. A single "hit" Hollywood movie such as Titanic can have y. 2002 2 billion US dollars in total worldwide distribution theater, cable, home video rental, and home video sales out of worldwide total theatrical movie revenue of billion dollars (neglecting the amount of revenue from ancillary product or promotional item and souvenir item sales). Store credits by record sale and movie ticket credits by ticket sold allocating hundreds of millions of dollars per year in artist's royalties to recording and performing artists through royalty payments and residuals (re-play royalties) are way down.

This type of US copyrighted music (e.g. MP3 format digital music) illegal duplication and movie illegal duplication is a Federal Copyright law violation. This legal decision was made in the US vs. Napster case of year 2002 decided by Federal judge Marilyn Hall Patel in San Francisco Federal court. Napster has since the Federal court decision struggled with bankruptcy.

The US Copyright law allowed legal use of US Copyrighted Material of one to two copies for personal use anywhere (e.g. one copy for home use and one copy for automobile use) and archiving for record keeping purposes and emergency back-up purposes (e.g. fire, flood, theft, natural disaster, etc.) which is legally called "fair use" and is not a US copyright violation.

The US copyright law also allows something called "first use" of purchased copyrighted media which is the right to sell the media or transfer legal ownership in entirety to another person. Many existing digital copy protection mechanisms do not allow for both legal "fair use" and legal "first use."
Non-copyrighted, home-made material can be copied by the customer an unlimited number of times and is usually not under US Copyright law unless the home-owner © marks and registers a copy for US Copyright protection.

A legal form of electronic distribution of digital music is desperately needed by the music and movie industries to stop rampant piracy of perfect digital masters which can be duplicated ad infinitum in digital to digital copying without distortions, losses, or degradations. The method should also allow personal archiving or "fair use" of one to two copies. Especially desired from a marketing viewpoint only is one copy for home use and one copy for automobile or portable use by the same person. The production of non-copyrighted, home-made material should be copyable an unlimited number of times. The method should also allow "first use" or the right of the legal owner to completely sell or transfer legal ownership of the media in entirety.
Prior Art Discussion of Cryptography

Cryptography has been mostly used in prior art at the government level for the dedicated purpose of highly secure government and military applications. The intent of cryptography was nearly absolute secrecy between two communicating parties under the current state of technological development. This is called strong cryptography. This cryptography will always be needed at the highest levels of government and the military through highly classified, US National Security Agency (NSA) administered common commercial and military computer security (COMSEC) programs. Hardware schematics and algorithms are kept top secret and restricted to cleared personnel with a "need to know" with controlled access in physically contained US National Computer Security Center (NCSC) highest security rating A1 computer facilities and secured buildings.

Two forms of cryptography have developed, the older secret key cryptography (symmetric cryptography) and the newer (since the 1960's with Diffie-Hellman), called public key cryptography (asymmetric cryptography) (see US Patent No. 4,200,770). These are distinguished basically by the nature of the key exchange. Secret keys must be kept and exchanged in secret. This must be done through physical exchange of secret keys which also authenticates or identifies correct parties (exchanging slips of paper or whispering passwords in someone's ear) or else secret keys can be exchanged through a secure, dedicated data channel linked only to correct parties (e.g. two-party trusted agent transports using a locked briefcase handcuffed to one agent, express mailed package or registered US mail).

Public keys in one popular algorithm known as RSA (R) have a public key pair associated with a unique private key pair with the public key pair being openly or publicly broadcast to any party to allow anyone the ability to encrypt secure messages. A public key pair is like a Cracker Jack (R) prize secret common encryption only ring which only encrypts messages. This encryption ring is available to any person wishing to use it for encrypting messages only. A private key pair is like a Cracker Jack (R) prize secret decryption only ring which only decrypts messages. This decryption ring is available only to one person wishing to decrypt messages encrypted by the other rings.

A public key pair is also like a treasure chest key which only unlocks the left side of a divided, two sided and two lidded treasure chest which also has a partition down the inside middle of the treasure chest with a letter slot through which to place a secret letter. The public key pair is available to any passing party as it is hung on a nail on the outside of the left side of the treasure chest when not in use. The private key pair uniquely matched to the public key pair is kept secret and is treated just like a secret key, but is not called a secret key to avoid confusion with secret key cryptography. The private key is used only by authorized parties for decryption of encrypted messages. The private key is also like a unique key which only unlocks the right half of the two sided and two lidded treasure chest for only one person to pick up and read letters left for him. The right side key is only held by one person, hence its name of a private key. The single private key also allows unique authentication of the single private key holding party for a reverse right to left side letter exchange (like an exchange of photo identification or fingerprints). Since the right side treasure chest key is assumed to be held by only one person, only this one person can reverse deposit an answer letter through the center divider slot from the right side to the left side of the divided treasure chest where it is available on the left side by pushing a button inside the left side of the box. This reverse process is called a private key authentication.

Instead of a divided treasure chest with two lids separately locked by two different keys, a similar analogy can be made using a house with only two doors, a single, private key, for a back door used only by the house's owner. The front door of the house has a public key left on a nail outside of the front of the house for anyone's use. The front door of the house opens to a closed atrium with a letter slot for anyone to drop a letter off meant for the single owner of the house. This process is like public key encryption. A push button in the closed front atrium will drop a letter down for the front door visitor which is guaranteed as coming from the house's owner, who alone has access to the back door of the house. This process is like private key authentication.

The private key pair is almost mathematically impossible to derive from the public key pair alone. Given the private key pair, the public key pair is publicly known, so, all crypto information is known, e.g. RSA public key cryptography algorithm (see REFERENCES [REF 5]). Other algorithms work in a similar manner with a public part and a private part, but may not require key pairs (see Diffie-Hellman public key exchange cryptography [REF 6] which does not do authentication).

Secret and private key administration is an important cryptography concept. Whoever holds the secret keys or private keys controls or administers the data as no one else can decrypt and read it or authorize data transactions. This is just like possessing a house key which gives access to a house. Only responsible and authorized parties should have a copy of any keys, just like possession of a house key. You don't want to trust your house key to a stranger or a burglar.

A key recovery process must be done by organizations who do not administer the secret or private keys or by the key's owner if a key is lost in order to decrypt data. This is just like entrusting your house key to a trusted neighbor. Key escrow also allows third parties to legitimately or illegitimately enter your house. The police can obtain a court ordered search warrant upon your neighbor to surrender your house key to search your house. Alternately if your neighbor is a moonlighting burglar, he can illegally enter your house and rob you. Hopefully, crypto key recovery is done through a lawful process involving the court system, otherwise, an illegal data wiretapping process occurs which is like breaking and entering a house with stolen keys.

Key recovery is facilitated by the current concept of key escrow. Key escrow is the term for depositing a secret or private key copy with a trusted third party for key recovery. This is just like a house key copy which is left with a trusted friend or relative [REF 400].

Key recovery is enhanced by several techniques. Key splitting is the term for breaking a secret or private key into two or more pieces such as a front half and a back half of a house key which can be left in key escrow with different parties, so that all pieces must be "welded" back together or joined before data can be decrypted (or in our house case before a house can be entered). A specific embodiment of key splitting is discussed in US Patents No.'s 5,315,658 (Micali key escrow for Diffie-Hellman key exchange and also for RSA public key algorithm) and registered US patent No. 5,276,737 (Micali key escrow fixing a hole called a "subliminal channel" in Diffie-Hellman key exchange). These two patents establish the technology known as "fair and fail-safe key escrow." The interesting "key escrow verification" property of Micali key escrow is that a party who holds only the front half of a split key can verify that another party holds the correct and matching back half of the split key without giving away the key's functional equivalent to a metal key's ridge pattern to either party. The split keys can be verified without full key disclosure to any one party [REF 400].
A more advanced method of cryptographic split key recovery among,
let's say, five parties is called 'majority voting' or else a
'threshold scheme', by a prior art method such as Blum Blum Shub (BBS
algorithm) for unique pseudo-random crypto key generation, which
furthermore requires in this example any three out of five parties to
collaborate in order to piece together a working split key. This
maximizes the chances of key recovery in case of a disaster scenario
for any one party, but, increases the chances of collusion by any three
out of five parties to illegally leak out key data. An '(m, n)
threshold scheme with verification' allows the example (3,5) parties to
verify their own entire split key escrow database without any single
party obtaining a citizen/customer's single full key. [REF 400].
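The (3,5) arrangement above, worked through in code as an added example that is not part of the original application. The passage names only 'majority voting' or a threshold scheme; Shamir's polynomial secret sharing over a prime field is used here as the concrete instance, which is an assumption of this example. Any three of the five escrow agents rejoin the key, while two agents together obtain nothing but a random field element.

```python
"""
(3,5) threshold splitting of a crypto key among five escrow agents.
Added example, not the application's code.  Shamir's polynomial scheme
over a prime field is assumed as the concrete threshold scheme.
"""
import secrets

# A Mersenne prime large enough to hold a 128-bit key as one field element.
PRIME = 2**127 - 1


def split_key(key: int, threshold: int, shares: int) -> list[tuple[int, int]]:
    """Split `key` into `shares` pieces such that any `threshold` of them
    reconstruct it.  Coefficients a_1..a_{t-1} are drawn at random; the
    constant term a_0 is the key itself, so f(0) == key."""
    if not 0 <= key < PRIME:
        raise ValueError("key must fit in the field")
    if not 1 < threshold <= shares:
        raise ValueError("need 1 < threshold <= shares")
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):          # x = 0 is never handed out
        y = 0
        for c in reversed(coeffs):          # Horner evaluation of f(x) mod p
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points


def recover_key(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares.  With fewer
    than `threshold` shares the result is a uniformly random field element,
    which is why the split leaks nothing to a minority of escrow agents."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def escrow_demo() -> dict:
    """Escrow a constructed 128-bit key with five agents; any three recover it."""
    # Constructed key value, not a real key.
    key = int.from_bytes(bytes.fromhex("00112233445566778899aabbccddeeff"), "big")
    shares = split_key(key, threshold=3, shares=5)
    return {
        "key": key,
        "three_agents": recover_key([shares[0], shares[2], shares[4]]),
        "two_agents": recover_key(shares[:2]),   # a minority: wrong value
    }
```

Each agent's share is a point (x, f(x)); an auditor can check that a presented share lies on the agreed polynomial only once enough shares are pooled, so the 'verification without disclosure' property the passage attributes to Micali's scheme needs an additional commitment step that this plain Shamir example does not include.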

Any national commercial use federated split key escrow system
should be based upon US National Computer Security Center (NCSC)
'orange book (for its orange colored book cover)' rated C3 or higher
secure, physically isolated (non-Internet connected) crypto key
databases. Any key transport out of these key escrow centers in the
form of personal computer (PC) relational databases should be done by
authorized paperwork, initially 'warm-blooded' hand signed with
identification and eventually with strict bio-identification smart
cards, with the use of smart split key escrow cards used as portable
cryptographic key vaults. Without strong Federal anti-
espionage/interoperability laws and Federal licensing with criminal
background influence upon management background checks, the key escrow
databases will be money and power corrupted by evil key escrow
agents; with moderate Federal law 1/10 of 1% of agents (1/1,000) will be
corrupted, and even with strong Federal licensing insuring anti-
espionage/interoperability laws 1% of 1% (1/10,000) of the key escrow
databases will be subject to money and power corruption. The 'real-
life' corruption can be handled by legal prosecution and by serial
number identification of all crypto keys and split crypto key
databases. The use of the split key escrow databases is entirely for
legal purposes: for recovering lost or stolen cryptographic keys, always
with audit trailed presentation of citizen/customer identification, for
court ordered recovery of disputed data, and for court ordered wiretap
access. The law enforcement use of key escrow, even with smart card
portable vault accessibility, exposes all such accessed keys, which must
be regenerated and replaced with new crypto keys. [REF 400].

Key splitting produces dependent private keys. Having multiple
dependent private keys is also functionally like having two or more
keys held by different officers turned at the same time in order to
launch a ballistic missile. Multiple dependent private keys are
mechanically also just like putting different padlocks "in parallel" or
all through the same latch of a treasure chest. All padlocks must be
removed from the latch before the treasure chest can be opened. [REF
400].

Secret key cryptography is now used (year 2000) in electronic
funds transfer (EFT) systems over mostly dedicated phone lines. Secret
keys are held in computer dongles (parallel printer port pass-thru
devices which look like plastic harmonicas) and physically exchanged
once a month (hand carried or express mailed) and attached to personal
computers before operation. Automatic teller machine (ATM) networks and
credit card processing stations use secret key encrypted dedicated
leased phone lines and dedicated satellite links to reduce the risk of
unauthorized access through physical security. Specific examples of
secret key algorithms are DES (R), Triple-DES (R), RC4 (R), Safer,
Safer Plus, IDEA (R), and Skipjack (NSA classified). [REF 400].

Secret key cryptography is now (year 2000) used in the internet
for password computer access and password based electronic funds
authentication and transfer with remote transaction processing
computers.

A secret key authentication loop back is done which does not
require exchange of the secret keys or passwords over the currently
unsecured and open internet (like an old party phone line). Instead, a
random, clear-text message is chosen by sending party A and exchanged
with receiving party B while having party B send back a pseudorandom
number value which can be used to verify an authenticated two-way
looped back data link. Party A puts the randomly chosen, clear-text
message through a standard message authentication cipher (MAC), which is
a one-way hash function or message digest cipher (MDC) with a secret
key. The message authentication cipher produces a message
authentication cipher code (MAC Code) or pseudo-random fixed bit length
number sometimes called a "hash code". Party A then sends the randomly
chosen clear text message to Party B. Party B independently uses the
standard message authentication cipher (MAC) with his own secret key
copy upon the clear-text, received message to also produce a message
authentication cipher code (MAC Code). Party B loops his own MAC code
back to party A. Party A compares his own computed MAC code with the
copy just received from party B. If they are the same, then the secret
keys for the MAC are the same on both sides and the parties are
authenticated to each other. A hacker listening in on the
communications line would receive the block of randomly chosen clear-
text message and a MAC code from party B for the message. Nothing of
value would be intercepted by the hacker. The hacker really wants to
find out the secret keys used on both sides. No clues about the secret
keys are obtainable from the exchange of information.
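The loop back exchange above, run end to end as an added example (not code from the application). HMAC-SHA256 stands in for the page's message authentication cipher; the shared key, the mismatched key and the random challenge are constructed for the demonstration, and the wire carries only the clear-text challenge and one MAC code, exactly as the passage describes.

```python
"""
Secret key authentication loop back: party A challenges, party B answers
with a MAC code, party A compares.  Added example, not the application's
code; HMAC-SHA256 is assumed as the 'message authentication cipher'.
"""
import hmac
import hashlib
import secrets


def mac_code(secret_key: bytes, message: bytes) -> bytes:
    """MAC code (the page's 'hash code') of a clear-text message under a key."""
    return hmac.new(secret_key, message, hashlib.sha256).digest()


def party_a_challenge() -> bytes:
    """Party A picks a fresh random clear-text message for each run, so a MAC
    code recorded from an earlier session never matches a later challenge."""
    return secrets.token_bytes(32)


def party_b_respond(secret_key_b: bytes, challenge: bytes) -> bytes:
    """Party B computes the MAC code with its own key copy and loops it back."""
    return mac_code(secret_key_b, challenge)


def party_a_verify(secret_key_a: bytes, challenge: bytes, looped_back: bytes) -> bool:
    """Party A compares its own MAC code with the one received.  compare_digest
    runs in constant time, so the comparison itself leaks nothing about the key."""
    return hmac.compare_digest(mac_code(secret_key_a, challenge), looped_back)


def run_loopback(secret_key_a: bytes, secret_key_b: bytes) -> bool:
    """One complete exchange; only the challenge and a MAC code cross the wire.
    Returns True when both sides hold the same secret key."""
    challenge = party_a_challenge()           # sent A -> B in clear text
    response = party_b_respond(secret_key_b, challenge)   # sent B -> A
    return party_a_verify(secret_key_a, challenge, response)


SHARED_KEY = bytes.fromhex("0f" * 32)        # constructed shared secret
WRONG_KEY = bytes.fromhex("f0" * 32)         # constructed mismatched key
```

A listener sees the 32-byte challenge and the 32-byte MAC code; recovering the key from that pair would require inverting HMAC-SHA256, which is the one-way property the passage relies on.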

Secret key cryptography can be done in a software computer
program. It is approximately 10 times faster done in a specialized
hardware secret key encryption integrated circuit (e.g. IBM's Data
Encryption Standard (DES) (R) integrated circuit) due to the fact that
frequent cryptographic bit operations are not done efficiently on byte
(8-bit) oriented machines [REF 400]. Hardware based cryptographic
digital signal processing (C-DSP) integrated circuits have been
designed or proposed [REF 500], with single chip integrated circuit
(IC) devices such as:

a wire-mesh intermetallic layer which detects pin probers
breaking the wire mesh, with an impedance reading triggering
automatic erasure of the cryptographic memory,

tamper resistant non-volatile electrically erasable programmable
read only memory (TNV-EEPROM) (secure cryptographic memory),

digital signal processing (DSP) functions supporting special
cryptographic hardware functions such as large integer to large
integer exponentiation by the binary square and multiply method
which supports several public key algorithms, e.g.
cipher text = (plain text)^(public key exponent) modulo (integer n),

plus built-in true random number generation from an
electronic source and also pseudo-random (PR) number generation,

built-in silicon compiler support for Reed-Solomon (RS)
parity error detection and correction, very important for 'cipher-
text' block chaining modes in which a one-bit error is propagated
through the entire cipher block, which adds about 10% extra parity
bits depending upon desired accuracy,

built-in silicon compiler support for hardware secret key
encryption/decryption such as IBM's patented Data Encryption
Standard (DES) which converts for example 'canned compressed
cipher-text' into 'plain text',

built-in silicon compiler support for MPEG X and/or JPEG X
algorithms for faster speed, especially with high frame rate full
motion and full frame size audio/video data with 'canned
compressed cipher-text' needing only MPEG X decompression (1/2
CODEC function),

true random number generation circuitry for cryptographic seed
generation (for use in some public key cryptography algorithms),
supporting either 2-channel (stereo) audio signals, 5.1-channel
theater type home sound systems with 5 audio channels of tweeter,
mid-range, and woofer, and a 0.1 channel of dedicated woofer,
30-channel (movie theater sound) audio signals, audio/video
signals (DVD movie players), and electronic text (electronic book
or electronic newspaper players),

artificial digital signal degradation algorithms which can be executed
before digital to analog converters (DACs) create 1st generation
analog signals with digital recorders, to counter signal piracy
(lost information cannot be restored by hackers); another counter
to 1st generation analog signal piracy using digital recorders is
analog watermarking algorithms which introduce pseudo-random (PR),
hidden ("human imperceptible"), fine-line noise patterns into
digital audio or digital video which can be recognized for audit
trail purposes after a suspected theft; also, to counter 1st
generation analog signal piracy of digital signals using digital
video recorders videotaping premier movie showings, different types
of algorithms can be used for analog watermarkings of analog video
data with subtle but visible to an observer, color, pseudo-random
(PR) border background patterns on the displayed video such that a
"bootlegged" digital camcorder recording of a commercial 1st run
movie can be identified back to the theatre, date, and time of
showing of the movie. However, these background digital
watermarkings can be digitally edited out with digital computers by
a dedicated movie thief,

analog to digital converters (ADCs),

analog output line amplifiers (possibly with analog
watermarking to mark Copyrighted material), which are off-chip due
to high power needs and power line noise introduction.



A message digest cipher function (MDC) is like a message
authentication cipher (MAC) in that it produces a fixed-bit output for
any clear-text input, but, no secret key is needed. A MDC produces a
fixed-bit, output message digest cipher code. Sometimes, a MDC is
called a one-way hash function. A MDC is easy to go forwards, but,
very difficult to go backwards. A message digest cipher (MDC) function
is used for data integrity, to show that a plain-text message has not
been truncated, lengthened, re-arranged, or altered.
A message digest cipher code (MDC code) can be secret key or
private key encrypted to result in a digital signature. A digital
signature confirms the integrity of the plain-text that is digitally
signed, and also the digital signature is almost impossible for anyone
but the secret key or private key holder to create. A private key
signed digital signature can be de-scrambled by anyone having the
matching public key, so, the digital signature is not encrypted text or
"cipher text", with "scrambled text" being a better term. A secret key
signed digital signature is "cipher text" as it can only be verified by
a party with the common secret key.
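An added example (not the application's code) tying together two items above: the binary square and multiply exponentiation named in the C-DSP hardware list, and the private key 'scrambled text' digital signature over a message digest described in this passage. Toy RSA with small constructed primes (1,000,003 and 1,000,033) and SHA-256 as the MDC are assumptions of this example, chosen so the arithmetic can be followed by hand; they provide no real security.

```python
"""
Square-and-multiply exponentiation used for a toy RSA digital signature
over a SHA-256 message digest.  Added example, not the application's code.
The primes are tiny constructed values; real keys use far larger ones.
"""
import hashlib


def square_and_multiply(base: int, exponent: int, modulus: int) -> int:
    """base**exponent mod modulus, scanning the exponent bits from the top:
    square once per bit, multiply by the base where the bit is set."""
    result = 1
    base %= modulus
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus       # square for every bit
        if bit == "1":
            result = (result * base) % modulus     # multiply where bit is 1
    return result


def toy_rsa_keypair(p: int, q: int, e: int = 65537) -> tuple[tuple[int, int], tuple[int, int]]:
    """Public key (n, e) and private key (n, d) with d = e^-1 mod (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)
    return (n, e), (n, d)


def message_digest(plain_text: bytes, n: int) -> int:
    """The MDC of the message, reduced so it fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(plain_text).digest(), "big") % n


def sign(plain_text: bytes, private_key: tuple[int, int]) -> int:
    """Private key 'scrambling' of the digest; only the key holder can produce it."""
    n, d = private_key
    return square_and_multiply(message_digest(plain_text, n), d, n)


def verify(plain_text: bytes, signature: int, public_key: tuple[int, int]) -> bool:
    """Anyone with the public key de-scrambles the signature and compares the
    recovered digest with a freshly computed one."""
    n, e = public_key
    return square_and_multiply(signature, e, n) == message_digest(plain_text, n)


# Constructed toy primes (assumption of this example), not a usable key size.
PUBLIC_KEY, PRIVATE_KEY = toy_rsa_keypair(p=1_000_003, q=1_000_033)
```

Because `verify` recovers the digest itself from the signature, the signature is indeed "scrambled" rather than secret, as the passage puts it: the public key undoes the scrambling, and what it protects is the binding between signer and digest, not confidentiality.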

Most companies will not exchange secret keys even over dedicated
phone lines. This is against standard operating procedure (SOP), as
wire-tapping hackers using "blue boxes" or illegal phone test frequency
generating boxes can easily pick off unencrypted passwords. Exchange
of secret keys and passwords is also done through the US Postal System,
more affectionately called "snail mail". Despite its slowness and
occasional mis-delivery, the US Postal System is currently more
physically secure, more legally protected through felony mail
tampering and mail privacy Federal laws, more tamper resistant, and
through certified return receipt mail is totally legitimate as court
admissible evidence. Today's e-mail and web commerce is inadmissible
as court evidence without extensive eye-witness corroboration because
it is too easily tampered with or totally falsified.

Public key cryptography is now (year 2000) used in the internet
in limited form for secure electronic funds transfer and authentication
(verification) of connected parties. Verisign (R) is a major vendor of
this commercial software which is embedded in web browser software in a
form known as a "Secure Sockets Layer (SSL)". The web browser software
is sent out by manufacturers (e.g. Microsoft (R)) in compact disk (CD)
form already containing a public key generation algorithm almost
universally using the 512-bit key RSA (R) algorithm and a secret key
algorithm almost universally using the 56-bit key triple DES (3-DES) (R)
algorithm. In y. 2000, 56-bit with 8-bits parity Triple-DES (R) is
the international electronic funds transfer (EFT) commercial standard
used by the American Bankers Association, which many other nations adopt,
which is roughly equivalent to a 168-bit secret key. Upon web
installation the RSA algorithm generates a unique, customer public key
and private key pair which is secret key encrypted and embedded in the
user's hard disk drive within an encrypted password file for later
retrieval and secret key decryption. Specific examples of public key
cryptography algorithms are Diffie-Hellman (R) key exchange, Schnorr-El
Gamal encryption algorithm, RSA (R) encryption and authentication
algorithm, DSA (R) authentication only algorithm, and the latest
algorithm, elliptic-curve algorithms, reducing in some special cases to
several subsets of Diffie-Hellman (R) and similar discrete logarithm
algorithms.

The web browser will establish a "secure sockets layer (SSL)"
with a common public key database held by a trusted third party (e.g.
Verisign (R) Web database). The user's unique public key will be sent
to and stored in the public key distribution web database for
authenticated distribution to any interested party. The public key
distribution authority is also called a certificate authority (CA) who
acts as a trusted third party by passing out digital certificates or
authenticated, digitally signed copies of people's public keys. An
International Telegraphy Union (ITU) standard for public key
certificate distribution has been developed called X.509.

The customer uses his web browser to connect up to a commercial
vendor (such as a bank) who in turn contacts the trusted third party
public key web distribution database (e.g. Verisign (R)) for customer
authentication to the bank and bank authentication to the customer.
This is all done by the public key distribution authority delivering
personally digitally signed public keys to all parties. The trusted
third party acts like a go-between who sets up a blind date and assures
"daters" that the other person is not a crook or serial mass murderer
and rapist.

In public key cryptography terminology, the trusted third party
is also called the public key distribution authority (PuKDA) or
certificate authority (CA). The PuKDA is trusted by everyone and it
passes out and publishes authenticated, digitally signed, public keys
in the form of digital certificates to anyone who requests them for all
entered parties. This process is called public key digital certificate
distribution. Trusted third party servers are also technically called
authentication servers. The trusted third party or certificate
authority holds the public key database for community access and
distributes digitally signed, public key certificates. These have an
American National Standards Institute (ANSI) and International
Telegraphy Union (ITU) standard called X.509 [REF 400].



Secure Sockets Layer (SSL) sounds good on paper until people
realize that hackers simply have to use a remote Internet virus to
plant a keyboard capture buffer to record all passphrases/passcodes and
passwords including all log-on and computer account passwords. The
keyboard capture buffer is accessed remotely over the Internet through
Web cookies or else through virus altered victim e-mail operations.
Once the hacker gets this data, any cryptographic keys (public
keys/private keys or secret keys) hidden upon hard disk drives can
easily be remotely read over the Internet and decrypted. A
cryptographic algorithm which would require 100 years of super-computer
use to decrypt is completely by-passed using keyboard capture buffers.
It is also only a matter of time before hackers figure out where on a
hard disk the permanently stored and secret key or password encrypted
cryptographic keys are stored (mixed with pseudo-random noise called
'salt'). A hacker program will automatically search out this hard disk
location and give hackers the cryptographic keys. Secure Sockets Layer
stand-alone is very insecure without hardware cryptographic memory
storage (crypto-CPUs, crypto-DSPs) and crypto-keyboards used to pass-
thru encrypt passphrases/passcodes over wiretappable or 'red' computer
buses such as keyboard buses and micro-processor buses.

In y. 2002, a form of hybrid key cryptography is usually used in
practice which combines public key cryptography and secret key
cryptography. This is because public key cryptography is often 1000
times slower than secret key cryptography done all in hardware at
comparable cryptographic security levels (256-bit public key/77 digit
number vs. 64-bit secret key/19 digit number excluding parity bits)
[REF 400]. This ratio is public key cryptography being about 100 times
slower than secret key cryptography when everything is done in software
[REF 400]. In hybrid key cryptography, public key cryptography is used
for authenticating parties and exchanging one-time secret keys (session
keys) used for secret key cryptography.

Phil Zimmerman's Pretty Good Privacy (R) is not an algorithm,
but, a collection of known Freeware Foundation (R) public key
encryption utility programs for personal computers which allow almost
unlimited strong encryption capabilities. It uses several proven secret
key and public key cryptography algorithms. It uses a flat (sometimes
called direct) or else a non-government authorized "web of trust"
public key infrastructure. This "tangled web of trust" is simply one
local public key database trusting another local public key database
which trusts another local public key database, etc. Pretty Good
Privacy (R) is now widely available in the US for domestic use only
[REF 400].

Foreign nations have no restrictions on public key cryptography
use. Software packages are widely available in Europe and Asia for
personal computer use. Many widely published, non-classified journals
such as "Crypto", university textbooks, and European and US Patent
Office publications give different cryptography algorithms which are
considered public information, of which many are patented and
licensable.
The benefits of cryptography are that various security functions
and legal attributes can be restored to electronic commerce. Among
these are:

1) authentication (like an exchange of picture IDs or thumbprints),

2) privacy (secrecy or confidentiality),

3) integrity (wholeness and non-tampering),

4) digital signatures (like cursive signatures and dating of
documents),

5) non-repudiation (denial of a digital signature by the signing
party),

6) authorization (like an exchange of handwritten signatures on
written orders or agreements),

7) accessibility (restricting access to authorized users),

8) archiving (data record storage of digitally signed and dated
documents),

9) audit trail (recordings of accessibility to data),

10) play codes and play counts (controlled access to electronic
digital masters),

11) crypto key splitting and key escrow,

12) crypto key architectures for key administration.



Prior art electronic commerce is woefully lacking in these
elements, leading to a huge erosion of personal confidence and privacy,
business confidence and privacy, secrecy in government, and weaknesses
in policing authority. Strong cryptography can prevent US
Constitutional 4th Amendment violations (illegal government search and
seizure) against private citizens and businesses. Strong cryptography
can distribute the power of knowledge and information of the global
internet and it can thwart the actions of a corrupted high level US
government official such as a corrupted president or CIA or FBI
director.

Thomas Jefferson said that any concentration of power will
eventually be abused by a wicked or evil authority. Modern
interpretation is that any concentration of knowledge, power, or
authority will eventually be abused by a wicked or evil authority.

Other prior art approaches to this problem have been the ill-
fated, NIST (US National Institute of Standards and Technology (NIST),
formerly called the National Bureau of Standards) and US National
Security Agency (NSA) reviewed Clipper chip using the classified,
secret key, Skipjack algorithm. Retrospective analysis of the Clipper
effort in the year 2000 by many experts shows that it was a good
research effort which developed many key hardware technologies and
opened up healthy public debate regarding important public policy
cryptography issues [REF]. The program did not fail
technologically, but, failed in terms of the US Constitution; it failed
in international politics with other countries, and it also failed
commercially because no one trusted the US NIST/NSA/CIA, and FBI with
over-whelming power to wiretap any digital transaction in the entire
world!!! Clipper did not address key US Constitutional issues of
protection of individual freedoms, a system of checks and balances, and
distribution of power. Clipper did not protect in any way foreign
freedoms and liberties represented by sovereign foreign nations.

By y. 2007, the US Federal NIST Clipper chip/Capstone program
(e.g. using very costly PC cards, once called PCMCIA cards, holding a
Clipper chip for fully self-contained, loop-around encryption mode,
doing bit level encryption that is very slow by modern standards and
suitable only for alpha-numeric text and very low density block
graphics) is still in use in still operational, US State Department low
security digital phones, known as AT&T Model 3600 phones. The US
Federal NIST Clipper chip/Capstone program secure phones by y. 2007 are
largely considered rather cumbersome to use for lack of a built-in key
generation algorithm, lack of any public key cryptography remote
authentication services due to using only Diffie-Hellman key exchange
protocol, and are already viewed as largely obsolete equipment.
Clipper was part of a larger group of hardware projects called
Capstone introduced by NIST and NSA in 1993. Clipper was meant only
for embedded use in portable, voice-only, digital phone modems. The
phone modem had to be carried around for portability. The Capstone
Fortezza product was meant for digital data using stream cipher
encryption in PC Cards (then called PCMCIA cards), the thick, credit
card sized plug-in cards which could be put into shirt pockets and
plugged into laptop computers for use on computer data [REF 400].

Clipper was a hardware integrated circuit (IC) based chip of
secret design implementing the secret key Skipjack algorithm. No
public key cryptography was involved. Working chips were produced by
VLSI (R) Corp of Sunnyvale, California and programmed by Mykotronx (R)
Corporation of Torrance, California in a classified program. These
chips were used in production AT&T voice modems. Speculation on the
design frequently proposes a 32-bit micro-computer or programmable
computer on a chip with built-in tamper resistant, non-volatile read
only memory (TNV-EEPROM) for holding secret key and computer program
storage. Alternately, the hardware has been proposed as consisting of
a dedicated custom application specific integrated circuit (ASIC) doing
Skipjack secret key hardware encryption and decryption combined with
tamper resistant, non-volatile memory for secret key storage [REF 400].

The NIST proposed Clipper chip was proposed for use on both ends
of every secure voice communication channel through the use of
dedicated modems containing the chip. Clipper was intended for secret
key, voice encryption only (it ran the block cipher Skipjack algorithm
only in output feedback (OFB) mode, which converts the block cipher
into a stream cipher). The secret keys were to be locked into the
tamper resistant hardware for only one user or residence party having
the crypto modem. Mobility was done through carrying the phone modems
around while security came from keeping the modems locked up or in a
secure physical building and rooms. The Clipper program used no public
key cryptography algorithms, but, was entirely based upon secret key
cryptography. Public key cryptography was added in later into the
Capstone program. Clipper also had no session key or one-time secret
key exchange algorithm (e.g. Diffie-Hellman key exchange) specified
with the Clipper program, but, this was added later with the Capstone
program. Clipper session key exchange was done with an assumed "out of
band" protocol. See REFERENCES Section - Non-Patent Literature - [REF
400].

Only the FBI had the ability to wire-tap the Clipper's encrypted
data and decrypt the data after capture or in mid-stream by retrieving
split in two, secret keys held by encrypted serial number (a secure
hash code) in key escrow by trusted third parties. The US Treasury
Department was to hold the front-halves of the unique, secret keys and
the US National Institute of Standards and Technology (NIST) was to
hold the back-halves of the unique, secret keys. Both halves of one
secret key were to be released from key escrow to the FBI only upon
court order for a certain key serial number. The homeowner or business
owner could also get a full key out of key escrow if his key was lost
[REF 400].

The secure modem with a Clipper chip held a family key as well as
the unique secret key. The family key was used by the modem to encrypt
the modem's encrypted serial number. The family key as well was used
to secret key encrypt a session key or one-time secret key used to
encrypt the message. This resulting data was appended to the message
stream in a classified format, data field called a law enforcement
access field (LEAF) accessed by the common family key. The LEAF was
restricted to authorized law enforcement use; it was not used for "in
band" or inside the communications channel session key exchange by the
two parties. How the two parties exchanged session keys was through an
unspecified "out of band" or outside the communications channel secret
key exchange protocol (e.g. Diffie-Hellman Key Exchange Protocol) [REF
400].

Law enforcement could legally with a special "cipher (encrypted)
text wiretap" court order or even illegally without a court order
(there were no technical restraints to stop such action) wiretap and
record a Clipper encrypted phone message. This is like separating a
needle in a sealed envelope from a haystack. To decrypt the message,
law enforcement would still need the family key held in key escrow
using key splitting between the FBI and US Justice Department which
would assumably only be released with "probable cause" of a common
crime submitted to a court for a court order. A Foreign Intelligence
Surveillance Act of 1978 (FISA) wiretap only for "national security"
cases would not need "probable cause" of a crime. The whole family key
would be needed for law enforcement to access the law enforcement
access field (LEAF) header in the digital message which only contained
session key data for legal law enforcement wiretapping [REF 400].
The LEAF format was classified, but, is widely believed to be
just the result of the sending modem A using the common, family key
embedded in the modem to encrypt a field having three things:

- identification of secret, encrypted, modem serial number A,

- secret key A encrypted session key A (a session key is just a
secret key used for just one message),

- secret key A encrypted tamper resistance field [REF 400].

Law enforcement would still need the whole, secret key A held in
key escrow using key splitting between the US Treasury Department and
the US National Institute of Standards and Technology (NIST). Law
enforcement could use the whole, secret key A to decrypt the LEAF held
session key (1-time secret key) which in turn could be used to decrypt
the digital voice message attached to the LEAF [REF 400].

Law enforcement could legally with or without a court order
wiretap an encrypted message through a "cipher text (encrypted text)
wiretap". This would be like separating a needle in a sealed envelope
from a haystack. This technique used without a court order might be
legally justified for FBI use on "highly suspicious people with proven
associations to known, violent terrorists." The "cipher-text wiretap"
would be useless without eventually getting crypto keys from key escrow
under a court order with "probable cause of a crime." A FISA wiretap
under the Foreign Intelligence Surveillance Act of 1978 used only in
"national security" cases would not need "probable cause" of a crime
but a court order from the FISA 7 member panel of Federal judges
appointed by the Chief Justice of the US Supreme Court. A court order
would be obtained by showing to a Federal judge or local criminal court
judge legal "probable cause" of a serious misdemeanor or felony. Law
enforcement could then use the court order to obtain the key split
family key held in key escrow by the FBI and the US Justice Department
[REF 400].

Law enforcement, with a legal court order for a wiretap, could use
the whole family key to access or decrypt the LEAF. The decrypted
LEAF would uniquely identify the modem producing it through the secret,
encrypted, modem serial number A. Law enforcement could take the legal
court order and the modem serial number A to both the US Treasury
Department and the US National Institute of Standards and Technology
(NIST) in order to obtain the key split secret key A held in key escrow
[REF 400].

Law enforcement would now have a legal court order for a wiretap,
a whole family key, and a whole secret key A. The secret key A could
then be applied to the LEAF to obtain the decrypted session key or one-
time secret key used for just one message. The session key could be
used to decrypt any stored encrypted messages and any future encrypted
messages [REF 400].

La%* enforcement could finally use the decrypted session key to 
decrypt the voice digital message. Only the one - time secret key or 
session key was used to encrypt the message [REF 400J . 
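The recovery procedure in the paragraphs above (family key opens the LEAF, the serial number is taken to the two escrow agents, the two key splits are rejoined, the unit key unwraps the session key), modelled as an added Python example that is not part of the application or of the EES/Clipper specification. Skipjack is replaced by a SHA-256 counter-mode keystream, the escrow agents' key splits are XOR halves, and all key widths, the serial number and the message are constructed values.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16      # bytes; constructed width, not the 80-bit Skipjack key
SERIAL_LEN = 12   # bytes; constructed width for the modem serial number
CHECK_LEN = 16    # bytes; far wider than Clipper's 16-bit checksum field

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter-mode keystream bound to key and label.
    Stands in for the classified Skipjack cipher; encrypt and decrypt are the
    same operation."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + label + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def split_key(unit_key: bytes):
    """Split the chip's unit key into two XOR shares, the 'front half and back
    half of a house key' held by the two escrow agents; either share alone is
    independent of the unit key."""
    share_a = secrets.token_bytes(len(unit_key))
    share_b = bytes(x ^ y for x, y in zip(unit_key, share_a))
    return share_a, share_b

def join_key(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine both escrow shares into the whole unit key."""
    return bytes(x ^ y for x, y in zip(share_a, share_b))

def leaf_checksum(family_key, serial, wrapped_session, session_key) -> bytes:
    """Family-keyed checksum binding the LEAF fields to the session key, so a
    receiving chip can reject a LEAF that does not match the traffic key."""
    msg = serial + wrapped_session + session_key
    return hmac.new(family_key, msg, hashlib.sha256).digest()[:CHECK_LEN]

def make_leaf(family_key, unit_key, serial, session_key) -> bytes:
    """Sender side: LEAF = E_family(serial || E_unit(session_key) || checksum)."""
    wrapped = keystream_xor(unit_key, b"unit", session_key)
    check = leaf_checksum(family_key, serial, wrapped, session_key)
    return keystream_xor(family_key, b"family", serial + wrapped + check)

def open_leaf(family_key, leaf):
    """Step 1 of the text: the family key alone strips the outer layer and
    exposes the modem serial number, while the session key stays wrapped."""
    inner = keystream_xor(family_key, b"family", leaf)
    serial = inner[:SERIAL_LEN]
    wrapped = inner[SERIAL_LEN:SERIAL_LEN + KEY_LEN]
    return serial, wrapped, inner[SERIAL_LEN + KEY_LEN:]

def recover_session_key(family_key, leaf, share_a, share_b) -> bytes:
    """Steps 2-4: rejoin the two escrow shares, unwrap the session key and
    verify the checksum; a wrong or missing share, or a tampered LEAF, fails
    the check instead of silently yielding garbage."""
    serial, wrapped, check = open_leaf(family_key, leaf)
    session_key = keystream_xor(join_key(share_a, share_b), b"unit", wrapped)
    expected = leaf_checksum(family_key, serial, wrapped, session_key)
    if not hmac.compare_digest(expected, check):
        raise ValueError("LEAF checksum mismatch: wrong escrow shares or tampered LEAF")
    return session_key

def demo():
    """Run the whole procedure on constructed values and report each outcome."""
    family_key = secrets.token_bytes(KEY_LEN)
    unit_key = secrets.token_bytes(KEY_LEN)
    serial = b"MODEM-A-0001"                          # constructed serial number A
    share_treasury, share_nist = split_key(unit_key)  # deposited with the two agents
    session_key = secrets.token_bytes(KEY_LEN)        # one-time key for this call
    message = b"constructed digital voice message"
    ciphertext = keystream_xor(session_key, b"traffic", message)
    leaf = make_leaf(family_key, unit_key, serial, session_key)

    seen_serial, _, _ = open_leaf(family_key, leaf)
    recovered = recover_session_key(family_key, leaf, share_treasury, share_nist)

    def fails(*args):
        try:
            recover_session_key(*args)
            return False
        except ValueError:
            return True

    tampered = bytearray(leaf)
    tampered[0] ^= 0x01                               # flip one bit of the LEAF
    return {
        "serial_from_family_key": seen_serial == serial,
        "plaintext": keystream_xor(recovered, b"traffic", ciphertext),
        "one_share_fails": fails(family_key, leaf, share_treasury, bytes(KEY_LEN)),
        "tamper_detected": fails(family_key, bytes(tampered), share_treasury, share_nist),
    }
```

The family key alone yields only the serial number; one escrow share alone, or a modified LEAF, is rejected by the checksum rather than producing a wrong session key.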
Objections to the Clipper chip proposal were from many respected sources and very heated. With a secret hardware design and classified crypto algorithm plus secret NSA production and distribution of hardware, there was no way for civil libertarians, foreign governments, foreign scientists, academic scientists, and commercial scientists to check for "back doors" to prove that escrowed encryption was technically as well as legally supported in an honest manner. A "mole" or spy in the central NIST (technically backed by the NSA) production apparatus, a bribed NIST (technically backed by the NSA) official unable to turn down a billion dollar deposit into an anonymous Swiss bank account, or even a politically coerced high NIST (technically backed by the NSA) official, would have access to whole keys before key escrow and could tamper with Clipper hardware or introduce rigged hardware chips [REF 400].

e.g. Rigged computer hardware chips have even been introduced by bribed Bally (R) employees into the highly secure production of Las Vegas electronic poker machines. The rigged poker machines were looted by "inside job" "swindle ring" customers who triggered artificial jackpots by placing planned token bets when known card sequences randomly showed up in order to trigger further planned bets placed upon subsequent programmed card sequences which eventually led to artificial jackpots. The suspect machines were inspected and declared secure by a high level Las Vegas Gaming Commission official in charge of firmware validation and verification who was the mastermind of the entire swindle and main recipient of millions of dollars in cash, illegal gambling proceeds. The high level gaming official was eventually caught, tried, and convicted based upon the testimony of his low level accomplices.

With classified hardware, firmware, and crypto algorithm design, no independent party could verify if the Clipper hardware or Skipjack crypto algorithm were secure through open scrutiny. A secret backdoor could be intentionally put in the hardware by the NSA to by-pass key escrow. An accidental design or production flaw in the Clipper chip could easily be exploited by hackers to by-pass security. A secret backdoor could be intentionally put in the Skipjack algorithm by the NSA to by-pass key escrow, such as by using an uneven key space or non-linear key space known only to NSA officials. The Skipjack algorithm could be vulnerable to some odd or newly discovered mathematical attack unknown to NSA officials, but known to some Russian mathematicians and the Russian secret police [REF 400].

The key escrow process itself was criticised as being inadequate in that all escrow parties were in the executive branch of the US government under political pressure of the President of the United States [REF 400]. If this President happens to be Richard Nixon using Internal Revenue Service (IRS) tax records and surprise income tax audits against political opponents, illegal breaking and entering, and illegal wiretapping devices planted by ex-CIA and ex-FBI agents, the US citizen and foreign governments are not too assured of security. The logical choice would have been to put the US Supreme Court and Federal courts in charge of half of the relevant keys to defend the US Constitution and Bill of Rights (especially the Fourth Amendment injunctions against illegal search and seizure), and a neutral legislative party such as the US Congress' General Accounting Office (GAO), otherwise known as the investigative arm of the US Congress, in charge of the other half of the keys. This key escrow storage would have respected the three divisions of powers in the US Constitution: the executive branch, the judicial branch, and the legislative branch.

Foreign governments and foreign businesses did not trust the US key escrow process and were afraid of legal and illegal US government intrusion into their own government and business secrets. Foreign governments instituted their own strong encryption technologies free from the artificial key length and key escrow restraints of the NSA [REF 400].

If Clipper was compromised through security leaks or a single crooked central key escrow employee, a corrupted government authority, foreign government, or anarchist hacker group could still undetectedly wiretap every single digital transaction and phone conversation in the entire world. Civil libertarians, foreign businesses, foreign governments, and US business interests rigorously opposed its introduction [REF 400].

There were also technical complaints that the Clipper program was too rigid in that it did not support transportable keys (through dongles, Smart Cards, or PC Cards). Clipper did not support multiple crypto algorithms other than Skipjack. In the early 1990's, the prevailing commercial standard was 56-bit secret key, Triple-DES (3DES) in Cipher Block Chaining (CBC) mode. Clipper hardware used in Capstone also did not support block cipher modes and only supported Output Feedback (OFB) stream-cipher mode although other modes could be used with the Skipjack algorithm [REF 400].

The public key cryptography algorithms supported for Capstone were the Digital Signature Algorithm (DSA) for authentication of parties (who) and Diffie-Hellman for Session Key (1-time secret key) exchange (what). Meanwhile, from y. 1993 until currently in y. 2002, the de facto industry, worldwide public key cryptography standard was and still is the 1024-bit key, proprietary RSA (R) algorithm. The PC cards used in Capstone with the Skipjack chip did very slow stream cipher encryption and natural mode block cipher encryption with the data stream fed in from the personal computer with a PC card reader [REF 400].

There were also legitimate complaints that the legal process of a court ordered wiretap would quickly expose or compromise whole family keys to all involved parties. All modems using a certain family key would have to be re-programmed to retain secrecy of the family key [REF 400]. Compromised serial numbers for the modem A from a legal wiretap would have to be re-programmed with new keys, re-issued, and re-key escrowed [REF 400].

There were legitimate complaints that the 16-bit (64 thousand possible combinations), unique, tamper resistance field which was put in to foil brute force computer attacks upon the LEAF could be easily guessed through a computerized brute force hacker attack upon the LEAF. The brute forced LEAF could even work with a guessed, wrong tamper resistance checksum matching a guessed, wrong key in the field. The Clipper containing modems were initially programmed to simply ignore messages with bad tamper resistance field checksums. NSA's response to the weakness was triggered by 10 bad LEAFs possibly from a hacker and would force an inconvenient delay on the hacker. This would simply slow a hacker's automated computer key cracking program down while the hacker is off eating a pizza [REF 400].

A partially compromised LEAF would yield the encrypted modem serial number, which would mean that all Internet or voice transactions with the "clear-text (unencrypted)" modem serial number A could then be parsed or isolated by hackers by decrypting the LEAF field of all desired messages for modem serial number A. A compromised, once-secret, modem serial number A could be used to bribe government officials into revealing a whole secret key A which could then be used to obtain the one-time, 80-bit Session Key A (1-time secret key) from the LEAF of any message sent by the modem serial number A [REF 400].

At about the same time in 1994, NIST (with technical review and support from the NSA) also announced a larger group of crypto hardware and firmware initiatives, project Capstone, using the Skipjack algorithm and escrowed storage of key split (like breaking a house key into a front half and a back half) secret keys (using Micali Key Escrow [REF 1]). These hardware and firmware initiatives supported a broader range of crypto issues including:

1) crypto key mobility through the PC Cards (PCMCIA cards),

2) key escrow using the Escrowed Encryption Standard (the same as for the Clipper chip),

3) public key cryptography authentication of parties using the Digital Signature Algorithm (DSA) (developed by the National Institute of Standards and Technology with NSA technical support),

4) public key cryptography exchange of secret keys and session keys (probably using Diffie-Hellman public key exchange),

5) data integrity support through the secure hash algorithm (SHA),

6) hardware doing faster DSA public key authentication and Diffie-Hellman key exchange mathematics,

7) a hardware true random number generator, and

8) internet support through the generic Mosaic program (Mosaic was the predecessor to the Netscape Navigator program and also Microsoft's Internet Explorer (R); Mosaic was developed at the Univ. of Illinois by a team including a lead graduate student researcher, Mr. Marc Andreessen, who copied the source code and improved it with venture capital money to form the original Netscape Navigator) [REF 400].



The Fortezza card (initially called the Tessera card but changed due to Copyright violations) was a member of project Capstone. It was a classified design PC card (PCMCIA card), which is a thick credit card sized electronic plug-in card for laptop computers, which was used for stream cipher encryption by a laptop computer or desktop personal computer. Production cards were produced with Mykotronx (R) Corporation firmware and VLSI (R) Corporation hardware for US State Department and CIA field office use with lap-top computers hooked up to standard phone lines through standard modems [REF 400].
The Fortezza card probably had [REF 400]:

1) tamper resistant, non-volatile memory (TNV-EEPROM) for secure key storage,

2) a 32-bit embedded microprocessor or faster dedicated circuits for the Skipjack algorithm,

3) a random number generator circuit for generating session keys and also white noise used in some public key cryptography algorithms (e.g. El Gamal),

4) large integer number to large integer number exponentiation hardware for RSA and other public key cryptography,

5) static random access memory (SRAM), and

6) a PC (PCMCIA) card reader interface.

Capstone's firmware or embedded software did authentication of parties using DSA, Session Key (one-time use secret key) exchange probably using Diffie-Hellman, and then self-contained Session Key encryption of data using the classified Skipjack algorithm [REF 400].

The criticisms of Fortezza were the same as for Clipper. Added criticisms of Fortezza were that the card was too expensive at US $2B retail vs. $5 for a smart card and $0.25 for a magnetic strip card. The card was too thick at 1/4" vs. credit card thickness for a smart card. The internal to the card stream cipher encryption/decryption had to be fed in from the personal computer with a PC Card reader and was too slow, based upon a late 1980's era 18 MHz low cost embedded micro-controller or application specific integrated circuit (speculation regarding a classified program) vs. a 33 MHz Intel 486 used in comparable desktop systems of the time [REF 400].
Prior Art Discussion on Smart Cards

Many US Patent and Trademark Office (USPTO) and European Patent Office (EPO) patents have already been issued for micro-controller based smart cards with non-volatile electronic memories for cryptographic key storage, identification numbers, bio-identification data, and cash debit amounts: smart cash cards and distribution systems, smart phone cards, and smart voting cards. Smart cards have been extensively used in Europe for over fifteen years.

Smart cards have progressed rapidly in Europe in commercial and government uses despite their high relative cost compared to magnetic strip cards used in the US, due to the poor reliability of phone systems (99% up-time) in Europe and the lack of central phone standards, while the US has always enjoyed reliable telecommunications (99.999% up-time) and national phone standards. Magnetic strip cards cannot be used stand-alone while smart cards work well stand-alone.

Smart cards based upon optical memories, which are thin transparent plastic strips holding laser beam readable digital data, use optical technology similar to compact disks and digital versatile disks. The smart optical cards themselves are encoded with forward error correction which allows self-correcting data in redundant forms; however, they are still prone to abrasion and acid damage while being largely immune to electro-magnetic discharge (static) damage and water damage. The draw-back of these cards is the need for smart optical card readers, which are expensive at US $20,000 per item and must connect up to a personal computer.

New forms of extremely secure and private smart card (212) based electronic cash cards, electronic banking debit cards, and electronic credit cards will be possible in the early 21st century. Internal debit and processing circuitry in the smart card (212) will allow some stand-alone operations without any form of remote connection for use in emergencies and areas with poor or no Internet access. The requirement for single point of failure survivable, full forward and backwards audit trail of all smart card financial transactions makes for extremely difficult cryptographic traceable electronic cash protocols.

New technology is desperately needed to counter fraud in the old forms of pen, pencil, and paper hardcopy identifications, paper currency, and documents for government and commercial use.

e.g. This is especially true with the advent of cheap, personal computer (PC) based color scanners, easy to use color image editing software, and cheap color printers. Home use plastic lamination equipment with forged color identification (ID) produces authentic looking color ID badges at pennies on the dollar.

e.g. Color laser printers produce very passable US government currency used by teenagers for pocket money. The phony currency was once detected by color smudging with wet fingers and the rubbing of the paper, which did not have the cloth feel of real US currency which is made out of linen. Recently, water-resistant ink-jet cartridges have been introduced which will produce water resistant cheap counterfeit money.

e.g. Billion dollar a year in revenue, foreign based and government condoned (Thailand and Taiwan), commercial forgery operations produce authentic looking US government ID such as state driver's licenses, social security cards, and certificates of live birth. Even three dimensional visible light laser holograms meant to counter forgeries are reproduced by million dollar commercial printing machines. The identities of deceased US citizens are used who were never reported in to the US Social Security Administration (SSA) or to individual state motor vehicle offices. This makes the identification cards as good as the real thing in terms of by-passing fraud detection by computer databases.

e.g. Foreign US currency forgery rings operated by hostile foreign governments such as Iran under the late Ayatollah Khomeini produce such realistic US currency that the amounts are ignored by the US Treasury Department as being too costly to stop.

e.g. In the 1990's, billion dollar illegal cash revenue, commercial printing operations using million dollar commercial printing presses, legally condoned by the Thai government and headquartered in Thailand, produce the latest computer visible light 3-dimensional holography, multi-layer, forged US government identification cards including forged US State Department passports, forged passports from any foreign nation, forged US Social Security Cards using the Social Security Numbers of dead people (to pass through government computers if they have not yet been officially reported as deceased), forged US California state driver's licenses using the state driver's license numbers of dead people, and forged certificates of live birth in the US.

Forged California driver's licenses using the driver's license numbers of deceased people are so good that they routinely fool California Highway Patrol (CHP) Officers and even the California State Department of Motor Vehicles (DMV) mainframe computer.

e.g. Illegal aliens routinely purchase in Los Angeles' McArthur Park, the headquarters of the Hispanic illegal alien community from Mexico, Central, and South America, zip-lock bags of very high quality, Thai made, forged identification for $500. A typical $500 zip-lock bag will include three from the following list: a forged US State Department passport, a forged California driver's license, a forged Social Security Card, a forged certificate of live birth in the US. These documents are necessary to get a job in the US. The identities on the card are legal identities of dead people with the photo identification updated to the impostor. The identification will pass through the state DMV computers and will fool a California Highway Patrol Officer.

California employers photocopy ID for their files for legal protection against hiring illegal aliens and the $10,000 per alien fine, but are usually loathe to question authenticity because of a shortage of stable (staying longer than six months after training), minimum wage workers. The few California employers who wish to comply with the law have no legal means to verify identification with the Social Security Administration (SSA) using photo ID.

[In y. 2002, the state of California has about 30-40 million state residents with estimates of as low as 33% up to 50%, or a range of 13 million up to 20 million, being illegal aliens in California, mostly of Hispanic origin from Mexico, Central America, and South America. Migrant illegal alien farm workers pick 100% of the California agricultural harvest, which is a 400 billion dollar state industry which provides much of the nation's seasonal specialty crops and winter vegetable crops. The illegal aliens facing unemployment and poverty in their countries of origin also willingly do the 'dirty work' in restaurants, most of which will go bankrupt without illegal alien labor. In a robust 2 trillion dollar, hi-tech, California state economy which is 1/7th of the entire y. 2003 US economy by Gross Domestic Product (GDP), illegal aliens take for long-term (longer than six months, job, employee) most of the minimum wage "dirty work" jobs which Americans will not take, such as field work, restaurant work, dish washers, fast food workers, gardeners, nannies, and house-cleaners. This estimated 9-20 million illegal aliens in California is out of a y. 2000 US Census figure of 300 million US residents with as much as 30-37 million total US residents being of Hispanic descent, with an unknown number of illegal alien Hispanics, legal alien, and US citizen American-Hispanic ancestry. Y. 2002 US Department of Labor estimates give the total US Hispanic figure of 37 million residents, of which as many as one-half or 18.5 million may be illegal aliens (the US Census figures are well known to under-count because illegal aliens and recent immigrants from repressive governments simply throw US Census forms out in the trash).

Many illegal aliens vote, especially regarding illegal alien legislation, and have 'swing voted' many local, state, and even US Congressional seat elections in California because it is illegal under California law for voter registrars to do California state voter identification verification for US citizenship. Many illegal aliens drive without car insurance and with forged state driver's licenses which are so good that they fool the California Highway Patrol (CHP) and also the state Department of Motor Vehicle computer.

A few illegal aliens commit major crimes such as 1st-degree murder and pre-meditated murder of a police officer and then disappear back into their home towns of Mexico, Central America, and South America, where they know that the Catholic dominated governments will not honor US extradition requests to any country or state with the death penalty. Identification of illegal alien criminal suspects is difficult due to forged legal alien status cards and forged state driver's licenses.

The national security implications are obviously dangerous in an age of Al Kaida based terrorism because of: the prior art of basically undefendable US borders from illegal immigration; weak identification of immigrants to the US; 99% use of forged but legally passable identification used in applying for employment (to avoid the US $10,000/illegal alien fine which is basically unenforceable due to forged driver's licenses and no photo-id for employer access); forged identification cards which are 99.9% passable used for employment, renting housing, buying airline tickets with 24-hour non-stop flights out of the US; and forged but 99.9% passable identification of those applying for rental cars and apartments during high terrorist threat periods.]



Microsoft (R) Corporation has launched a Windows 2000 smart card initiative for its Windows 2000 operating system (not yet released in January of 2001). This involves a standardized, embedded operating system contained inside smart cards. Not much has yet been published on this initiative (see http://www.microsoft.com).

Intel (R) Corporation has launched a cryptographic architecture in January of 1999. Not much published information exists on this initiative (see http://www.intel.com).
Prior Art Discussion on Digital Electronic Masters

Digital masters for movies, music, video games, and computer programs are easily extracted from their current forms in digital versatile disks (DVD's), video tape, cassette tapes, and compact disks (CD's). An illegally obtained digital master is easy to illegally copy in digital to digital copying an unlimited number of times without degradation of the signal quality, unlike an analog copy.

e.g. Taiwanese based commercial operations legally pirate US, European, and Japanese music and movies for Taiwanese citizen use, since Taiwan is not a member of the Berne international copyright convention. Taiwan is a notorious software, movie, music, and counterfeit brand-name product piracy country which depends upon these revenues for hundreds of thousands of jobs.

The US and Europe are illegally flooded with hundreds of millions of dollars worth of Taiwanese produced, illegally made copies of DVD and VCR format movies, cassette tape and CD format music, CD format and ROM-pack format video games, and CD format computer software.
e.g. Napster (R) is a 1999 corporation creating peer-to-peer file sharing on the Internet. Any digital file could be shared, but Internet traffic mostly consisted of hundreds of millions of US and European teenagers posting and sharing on their Internet connected home personal computers illegal and unpaid for copies of MPEG 1 audio layer 3 (MP3), compressed, digital, music files which were made from NEVER encrypted Copyrighted music compact disks (CD's).

The Recording Industry Association of America (RIAA) estimated that Napster (R), Gnutella (R), and other similar types of services caused in year 2000 alone a loss of 2-3 billion US dollars in yearly retail sales to the music industry out of y. 2000 US 50? billion in worldwide music sales, and a loss of hundreds of millions of US dollars in yearly copyright royalties to the recording artists.

In the end of year 2000, Napster was declared in violation of the US Copyright laws by Federal district court judge Marilyn Hall Patel and forced into near bankruptcy by hefty fines, penalties, and settlements.

e.g. DIVXX (R) was an early commercial digital versatile disk (DVD) custom encryption format promoted by the Circuit City (R) electronics retail chain which needed a special cryptographic digital versatile disk (DVD) player. The encryption was custom or unique for each vendor, each player, and each customer. The format was tailored for home rental movies rented on DVD format, which was supposed to replace video cassette recorder (VCR) tape rental. The cryptographic procedure was similar to the Schneier portable music format explained in [REF 10]. DIVXX (R) failed in the marketplace because it was a proprietary non-standard format which failed to attract a de facto industry following.

e.g. In y. 2002, DIVX (R) with one less "X" has resurrected itself as an Internet distribution software format for MPEG IV compressed digital Internet distributed movies. The cryptographic medium even on fast cable modem and asymmetric digital subscriber line (ADSL) phone modem lines takes a minimum of two hours to download a feature length commercial movie with analog color television quality. The standard is yet unknown but believed to be similar to its predecessor.

e.g. The content scrambling system (CSS) is an electronic system for scrambling audio/video digital versatile disk (DVD) content which was intended to keep mostly commercial movie digital versatile disk (DVD) content safe from hackers. Digital versatile disk (DVD) content was designed to be unlike the older compact disk (CD) content, which was never encrypted and thus easily copied in digital master form.

In the late 1990's, the designers of Content Scrambling System (CSS) knowingly used weak hardware circuit encryption scrambling of movies when digital versatile disks (DVD's) first came out. The CSS designers had a firm expectation that the encryption would be cracked by hackers within two to three years. Content scrambling system (CSS) used a known weak encryption hardware based duo-linear feedback shift register (duo-LFSR) technique with one LFSR dedicated to general family key encryption with a family initialization vector and one LFSR dedicated to custom movie distributor use with a unique vendor initialization vector. Each hardware DVD player would receive the family initialization vector (IV) stored in hardware and each distributed DVD would receive a software vendor initialization vector. The LFSR encryption was used to custom encrypt for each movie distribution company, but standard for each customer and player, the digital content on digital versatile disks (DVD) and decrypt the content in an authorized digital versatile disk (DVD) cryptographic media player [REF 508]. The vendor initialization vector was then family LFSR encrypted for "cipher text" storage on the DVD.

In 1999, the content scrambling system's (CSS) encryption was easily decrypted within months by a Swedish hacking group of teenagers called "Anathema" using personal computer (PC) based hacker "cracking programs." A single erring movie vendor had unintentionally left a "clear (decrypted) text" vendor initialization vector (IV) on his own distributed digital versatile disks (DVD) which it sold. "Anathema" used the single unveiled vendor initialization vector (IV) to decrypt the other vendors' encrypted crypto keys. The family key initialization vector (IV) had already been cracked by inside authorized vendor sources leaking out computer program source code information used for the Linux (R) brand of UNIX operating system production of DVD disks. Hackers had created a "De-CSS" computer program for Linux used to remove CSS scrambling which was available on hacker Web sites. "Anathema" released over two-thirds of the two thousand secret keys used by separate movie distribution companies to encrypt video digital masters along with the hacked out algorithm or cipher crypto-analysis "solution".

In the year 2000, the Recording Industry Association of America (RIAA) launched the Secure Digital Music Initiative (SDMI) to establish open standards for secure, digital media distribution (see REFERENCES - Non-patent Related References [REF 500]).

RIAA has fielded requests for proposals (RFP's) with the goal of developing industry wide open standards using the technologies of public key cryptography, secret key cryptography, and/or analog and/or digital watermarks (a form of digital signatures which acts like a printed watermark on authorized paper documents) to uniquely identify authorized digital works, etc.

In y. 2001, a European academic published a crypto-analysis of the cryptography used in the Adobe (R) Corporation's electronic book (e-book) format to distribute over the World Wide Web (WWW) type-set text and photographs readable on a prior art Personal Computer (PC) using the Adobe (R) Acrobat Reader (R) with special Adobe (R) multi-master fonts (font imitations) which do not have to be down-loaded. The academic was charged in Federal Court by Adobe Corporation with violating the US Digital Millennium Act of y. 1998, which broadly prohibited developing even the programming tools to attack or analyze ciphers used for US and Internationally Copyrighted commercial digital media distribution. A higher Federal Appeals Court put a suspension on the lower court ruling. At issue was not US Copyright violation, but the 1st Amendment Freedom of Expression and INDEPENDENT FREE PRESS right of academic research into the cryptography tools used to implement the US Copyright violation restrictions. The US Digital Millennium Act of y. 1998 was ruled overly broad, in effect trying to outlaw all language for one person's use of foul language. A Russian private corporation used the published cipher data obtained by its management in the US at a US hacker convention in Los Angeles and used the decryption algorithms to export to the US Copyright piracy software to illegally read Adobe electronic books in the US. A Federal court in y. 2002 ruled that the import into the US of the Russian piracy software could be blocked, but the Russian corporation's employees were not in violation of the Digital Millennium Copyright Act of 1998 due to being Russian citizens unaware of US law and out of US jurisdiction.

In October of 2001, a proprietary digital watermarking technique 
was selected as the first generation Secure Digital Music Initiative 
(SDMI) standard for digital music only, intended for portable media 
players. Digital watermarking is not encryption, but the use of 
unique and hidden digital markings to identify digital media, much like 
an ink pattern watermark used upon letter paper. A hardcopy pen and 
paper analogy is the faint ink and sometimes embossed (raised letters 
and symbols) personal markings on letter-head corporate paper called 
hardcopy watermarks. In y. 2002, there is no technical or mathematical 
evidence that even pseudo random (PR) digital watermarks cannot 
eventually be filtered out by hackers using powerful personal computer 
(PC) digital filter programs. This digital watermark, if found on 
digital content, is merely a Copyright identification, legal owner 
identification aid, music piece and version identification aid, and an 
aid in an audit trail which identifies the legal copyright owner. The 
digital watermark also helps prevent illegal copying of the digitally 
watermarked digital media only if an authorized Secure Digital Music 
Initiative (SDMI) compliant portable media player is used. Customer 
playing of previous digital data such as Moving Picture Electronics 
Group (MPEG) standards I audio layer 3 (MP3) compressed digital music 
is not affected in any way even if illegally recorded and used (an SDMI 
industry courtesy to loyal fans and customers). Customer playing of 
non-watermarked and non-Copyrighted home produced material such as 
"home-brew" music is not affected in any way. The use of personal 
computers (PC's) is affected by the need to introduce new personal 
computers (PC's) which would not copy digital music media having a 
Copyrighted watermark. This personal computer chore of monitoring for 
the Secure Digital Music Initiative (SDMI) music "digital watermark" 
for music would be in addition to monitoring for the US National 
Association of Broadcasters (NAB) "broadcast flag" post-broadcast 
inserted only into "over the air" broadcast audio/video. The y. 2002 
US Senate's Hollings Commerce Committee (which is in charge of the Federal 
Communications Commission (FCC), controlling only the phone system, 
cable system, and US airwaves) has passed legislation which requires 
personal computer (PC) monitoring only of the "over the air" broadcast 
flag. The broadcast flag will be post-broadcast inserted by a digital 
television set-top box into unencrypted "over the air" digital media in 
the new fully digital, standard definition television (SDTV) and high 
definition television (HDTV) broadcasts in order to prevent digital to 
digital copying of any form. Personal computers can digitally copy 
perfect limitless copies of digital media (e.g. DVD-RW/DVD+RW, CD-R, 
CD-RW, FLASH cards, or digital tape) to other digital media forms. The 
SDMI Committee has also approved an analog audio watermark, imperceptible 
to music quality ("golden ear listeners"), which will be added 
into analog audio output to loud-speakers to help identify wiretapped 
and digitally recorded analog audio output. 

In August of 2002, the Secure Digital Music Initiative (SDMI) has 
not yet started a second generation, more inclusive standards setting 
process. The second generation standard will use a more 
sophisticated cryptography technique than digital watermarks and analog 
watermarks, perhaps in the line of this invention involving customized 
per user hybrid key cryptography with media ticket smart cards. 

The US Federal Communications Commission (FCC) and the US National 
Association of Broadcasters (NAB) are concerned about digital to 
digital recordings of all digital, high definition television (HDTV) 
"over-the-air" broadcasts for big screen TV's, and also digital 
standard definition television (SDTV) format, with SDTV meant for 
backwards 483-viewable line compatibility with the existing analog TV's 
after digital to analog conversion (DAC) using a cheap "over the air" 
set-top box (about retail US $300). A HDTV/SDTV "over the air" set-top 
box will receive all unencrypted, digital HDTV/SDTV television signals 
in MPEG II compressed digital form (compressed digital YCbCr form) and 
convert them to two forms: 1) existing analog, National Television 
Standards Committee (NTSC) television signals for viewing upon existing 
NTSC analog television sets, 2) all digital HDTV/SDTV television 
signals can be displayed directly in digital form modulated to analog 
(analog Y'Cb'Cr') or in other words digital signals piggy-backed upon 
an analog carrier frequency for output upon the y. 2002 newly 
introduced, computer monitor like, high resolution, digital "big 
screen" television sets (which in y. 2002 cost about retail US $1,500). 
All digital HDTV/SDTV signals are in y. 2002 broadcast "over the air" 
in unencrypted form. The "over the air" set-top boxes are vulnerable 
to 'digital to digital' signal theft unlike "over the air" analog NTSC 
signals and also unlike the 'cipher-text (encrypted)' cable TV set-top 
boxes and satellite TV set-top boxes which convert broadcast encrypted 
MPEG IV compressed digital audio/video for satellite set-top box 
conversion into unencrypted analog NTSC signals before wire-tappable 
output. "Over the air" set-top boxes using 'plain text (unencrypted 
text)' can allow unlimited and perfect 'digital to digital' copying of 
digital broadcast television shows and movies shown at home in either 
compressed digital MPEG X form or else in the much higher frequency 
uncompressed, digital modulated to analog (analog Y'Cb'Cr') form through 
signal sampling to reduce recording frequencies. The Digital Video 
Interface (DVI) of the Video Electronic Standards Association (VESA) 
was designed to counter 'digital to digital' 'set-top box' to digital 
monitor signal theft. All digital DVD-RW (R) recorders will allow 
perfect 'digital to digital copies' of these fully digital television 
shows for illegal copying and illegal distribution. 
To prevent perfect digital copying upon digital recorders, the 
National Association of Broadcasters (NAB) wants the US Federal 
Communications Commission (FCC) to require a "broadcast flag" to be 
post-broadcast inserted by the antenna connected HDTV/SDTV "over the 
air" set-top box (not applying to the cable set-top box nor the 
satellite set-top box). The "broadcast flag" will be "over the air" 
set-top box post-reception inserted into the unencrypted "over the air" 
HDTV/SDTV signal. All electronic devices, even personal computers, 
capable of copying such digitally recorded "broadcast flag" marked 
digital media (e.g. DVD-RW (R) or DVD+RW (R) disks, CD-R (record 
once) disks, CD-RW (read/write) disks, FLASH memory disks, computer 
hard disks, streaming cassette tape) would then be required by law 
under the US Senate's Hollings Commerce Committee (in charge of Federal 
Communications Commission (FCC) legislation) Bill of y. 2002 to detect the 
"broadcast flag" and stop illegal copying of US Copyrighted material. 
The Hollings Bill does not affect digital music using the Recording 
Industry Association of America's (RIAA's) Secure Digital Music 
Initiative (SDMI) Phase I digital watermark to identify Copyrighted 
music. The Hollings Bill also does not affect digital direct 
broadcast satellite (DBS) distribution services' (e.g. Hughes 
Communications DSS's (R), News Corporation's/EchoStar's Dish Network 
(R) signals) pre-encrypted audio/video, nor does it affect commercial 
theater satellite broadcasts which are pre-encrypted, nor does it 
affect cable broadcast standards similarly pre-encrypted. The US 
Senate's Leahy Judiciary Committee monitors the larger scope of US 
Copyright law in all forms besides just broadcast, cable, and phone 
line form. 
The Electronics Industry Association (EIA), composed of commercial 
electronics and personal computer makers, is sharply opposing the 
Hollings bill as a boondoggle for attorneys with a floodgate of future 
lawsuits, a pitifully weak technological defense against foreign pirates 
and hackers outside of US legal jurisdiction (who will not even have 
time to get a pizza before the weak electronic protections of weak 
digital watermarks on music and simple minded broadcast flags on "over 
the air" broadcasts are removed by automatic computer programs), and a 
major cost for consumer electronics manufacturers. The political 
reality agreed to by all parties is that the Hollings Committee Bill is 
a political scare tactic to get a better synergy of law/technology out 
of the technical community to stop Copyright piracy in its numerous 
electronic forms. 

US digital direct broadcast satellite (DBS) service television 
signals (e.g. Hughes Communications (R) Direct Satellite Service (DSS 
(R)), EchoStar (R)) are already sent in encrypted MPEG II compressed 
digital form for decryption by satellite set-top boxes with family key 
(shared secret key) based hardware encryption embedded in cryptographic 
memory (usually with no phone line connection [in older models 
without 'pay per view' special event programming] to the set-top box in 
the US, unlike in Europe). This US satellite set-top box technology is 
unlike European satellite set-top boxes using satellite smart cards 
with phone line connections (see just below). The US satellite set-top 
box decrypts the signal and converts it into unencrypted, analog NTSC 
form for display upon color televisions. The analog NTSC satellite 
signal may be recorded upon prior art analog video cassette recorder 
(VCR) players. The satellite set-top box decryption of encrypted 
digital satellite signals for conversion to and output of compressed 
digital MPEG X SDTV/HDTV signals for input into full digital 
televisions (with a built-in set-top box) and also for separate output 
of uncompressed digital modulated to analog (very high frequency analog 
R'G'B') form for playing upon digital television monitors will also 
introduce chances of digital signal theft by digital to digital 
recording. 

European all digital satellite channels are satellite transmitted 
in encrypted compressed digital form (compressed digital MPEG II which 
is not US HDTV/SDTV compatible) which is decrypted at the satellite 
set-top box for analog conversion to PAL analog audio/video TV 
signals (used in Great Britain and former British colonies) or SECAM 
analog audio/video TV signals (used in France or former French 
colonies). European satellite set-top box conversion plans for wire- 
tappable output of both HDTV/SDTV compressed digital signals for 
digital television (with a built-in set-top box) input and uncompressed 
digital output, also known as digital modulated to analog (very high 
frequency analog R'G'B') output, for display upon digital monitors are 
unknown. European satellite set-top boxes have a standard phone line 
(very unreliable) input and standard satellite smart card slots and 
readers, with the satellite smart cards used as a cryptographic mini- 
database of special customer programming watched, which are polled at 
least once a month by the satellite company computer over a phone modem 
and phone line for subsequent computer billing to credit cards or over 
the mail. 
In y. 2002, US cable channels are transmitted over coaxial cable 
in broadband or with mixed analog and digital channels. Analog NTSC 
output channels are used for backwards compatibility with the existing 
50 million US analog cable set-top boxes. [Encrypted] MPEG II 
compressed digital [modulated to analog for coaxial cable transmission 
(modulated or 'piggy-backed' digital) cable signals] are used with the 
new in y. 2002 US all digital cable set-top boxes. An all digital 
cable set-top box receives proprietary cable company format, 
encrypted, compressed, fully digital MPEG II signals (HDTV/SDTV MPEG 
X compatibility is not guaranteed) for decryption and analog conversion 
to NTSC signals for analog television display [(clearer and brighter 
analog component video (separated) NTSC color (HSI color model), as 
well as the much less clear and bright analog composite video 
(combined) NTSC color (HSI color model) is accepted as audio/video 
input by computer monitor like digital displays which must do a color 
model/matrix conversion to (gamma corrected) digital R'G'B' before 
display).] US cable all digital set-top box conversion plans to output 
both unencrypted HDTV/SDTV MPEG X compressed digital signals and/or 
digital modulated to analog (very high frequency analog R'G'B') 
[computer monitor (S-video) output which gives the clearest and 
brightest picture of all, and/or unencrypted analog component video 
(HSI color model separated NTSC signals), and/or the least clear 
and least bright unencrypted analog composite video (HSI color model 
combined color NTSC signals)] for display upon digital television 
[(with a built-in set-top box)] or digital computer monitors [(with an 
add-on set-top box of some form)] are unknown. 
The US FCC has mandated a y. 2005 deadline for US transition of 
all "over the air" television stations to full digital "over the air" 
broadcast of unencrypted digital, high definition television 
(HDTV/SDTV) signal formats for digital television display and also 
conversion to analog NTSC format (for backwards compatibility with 80 
million existing US analog televisions out of 60 million US 
households). US "over the air" set-top boxes will input unencrypted 
HDTV/SDTV (compressed digital MPEG X formats of many aspect ratios and 
progressive/interleaving formats) captured from "over the air" antennas 
and output unencrypted full digital modulated to analog (analog R'G'B') 
signals for digital monitor display and will separately output 
unencrypted HDTV/SDTV for digital television use (a digital monitor 
plus a built-in set-top box plus built-in digital tuner). 

Any unencrypted digital signal and any such signal after digital 
to analog conversion (DAC) to its 1st generation analog signal output by 
a set-top box can be easily wiretapped and pirated with two alligator 
clips and an all digital audio/video recorder. A "real performance" 
stereo microphone fed digital tape recorder or hand-held digital video 
camera at a movie premiere screening can easily make "acceptable", low 
video quality, effectively non-stereo even with stereo (2-channel) 
microphones, digital masters of any actual "played" audio or video 
output. A pressing need exists for a common solution technology for 
the common and quite general problems of encrypted digital media 
distribution and a common, any type of, set-top box which will help 
prevent digital media piracy. This invention addresses many of these 
common problems. 
Hughes Communication's (R) and EchoStar's (R) Direct PC (R) 
provide direct satellite distribution service for the Internet which 
is popular and economic for rural area homes and businesses which, due 
to sparse population induced economic infeasibilities, will never be 
serviced by fast broadband cable modem service (requires an existing 
cable system) or fast telephone line asymmetric digital subscriber 
line (ADSL) service (uses existing phone lines, but phone lines must 
be of extremely high phone voice quality and also have a maximum range 
limitation of five miles from the phone company local office). The 
transmission control protocol/internet protocol (TCP/IP) internet 
protocol can use secret key encryption or public key encryption 
introduced at several TCP/IP protocol layers (e.g. secure sockets layer 
(SSL), secure transport layer, secure IP layer) and also can use as 
digital data digitally compressed MPEG X signals. The downstream from 
the satellite data link is 384 Kilo bits/second and the upstream back 
to the satellite data link is 56 Kilo bits/second. 

The evolving field of Institute for Electronic and Electrical 
Engineers (IEEE) Standard IEEE 802.11a/b/c/g, "Wi-Fi" or "wireless high 
fidelity" land communications gives wireless radio frequency (RF) 
internet service in rural areas directly competing with direct 
broadcast satellite (DBS) distribution service at various data rates 
from 10 Mega bits/second up to 100 Mega bits/second and from ranges of 
150 feet minimum out to a maximum range of up to twenty miles per 
home/business in rural areas. The "Wi-Fi" based internet service may 
be "skip stoned" from house to house and from business to house from a 
central rural town area which has direct fiber long distance phone 
service from a long-distance telephone company local hub. The internet 
transmission control protocol/internet protocol (TCP/IP) protocol 
signals are shared in a 'skip-stoned' configuration and must be custom 
encrypted for each home. The full-duplex (downstream and upstream) 
IEEE 802.11b data rate is 11 Mega bits/second with typical maximum 
range line of sight up to 15 to 20 miles. The much higher public 
access broadband frequency IEEE 802.11e gives 100 Mega bits/second of 
full-duplex wireless Ethernet access through non-metal walls up to 150 
feet or 300 feet on a good day. 

In the late 1990's, all digital commercial theater systems were 
announced using no movie film (e.g. Qualcomm's Commercial Theater, 
Boeing Commercial Theater Services using what was originally military 
satellite technology for secret key encrypting digital military data 
for satellite uplink and downlink). In addition, micro-mirror modules 
(MMM) took digital audio/video signals directly for direct projection 
theater systems. A red micro-mirror, green micro-mirror, and a blue 
micro-mirror (digital RGB) are required to alter projected beams of 
red, green, and blue light. In commercial digital theater systems, the 
movie distribution companies must turn their unencrypted digital 
masters over to a trusted 3rd party movie distribution corporation (e.g. 
Qualcomm (R), Boeing (R)). The 3rd party corporation will pre-uplink, 
secret key encrypt the digital streaming video for passage from a 
broadcast hub over leased fiber phone lines to a geo-stationary 
satellite uplink station, after which it is satellite broadcast over 
dedicated geo-stationary satellite bandwidth, and satellite downlinked 
to each local commercial movie theater. The downlink dish antenna 
produces an encrypted streaming video movie stream which is stored upon 
a theater held computer hard disk drive array in secret key encrypted 
form. At various repeating local theater show times, the encrypted 
digital video is personal computer read from the hard disk array, 
personal computer decrypted using projection hardware stored internal 
secret keys, personal computer accounting charged to the theater with 
ticket attendance data used for movie distribution company and artists' 
royalties, personal computer shown by a fully digital Micro Mirror 
Module (MMM) projection system upon a wide movie screen with different 
screen sizes; the fully digital audio track with up to 30 audio 
channels of theater type sound (e.g. [Dolby Surround Sound (R) brand 
of theater sound system]) goes to a theater sound system for digital 
decompression (e.g. Dolby Theater Sound (R)) and digital to analog 
conversion (DAC) for the theater's 30 analog speakers; also digital 
multi-dimensional timing tracks are used for automatic theater lighting 
controls, intermissions and local advertising inserts. 

The digital theater systems have been very slow to catch on. The 
$100,000 to $150,000 cost per digital projector must now be borne by 
theater owners who are reluctant to capitalize this huge expense (they 
make their profits mostly off of the refreshments stand and break even 
on ticket sales after payment of labor costs, rents, and royalties to 
the movie distribution firms). The huge cost of $10,000 per movie reel 
for digital master duplication to analog copies and secured 
distribution to individual theaters might be saved by the huge movie 
distribution companies, but the huge movie distribution companies are 
loath to fully commit to digital master distribution, which means that 
they must lose control of unencrypted digital masters (their "crown 
jewels") to a 3rd party corporation. Analog to analog copying is known 
to slowly produce degradation with every analog copy, so analog copy 
distribution is not a matter of major concern to the movie distribution 
companies. Even with standard family key cryptography systems (secret 
keys shared by many parties) of secret key encryption, movie 
distribution companies fear that the family key will be obtained by 
hackers from an unattended digital movie projector, leaving their 
"family crown jewels" in enemy hands. 
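The family key exposure described above, and the per-user hybrid key alternative that the SDMI second generation discussion earlier points toward, can be put side by side in a small model. The following is an added illustration written for this edit; it is not code from the application or from any of the named companies. The card identifiers, the demo keys, and the SHA-256 counter keystream standing in for a real block cipher (AES-CTR is not in the Python standard library) are all assumptions of the example. What it shows: the media is encrypted once under a fresh content key in both designs; the difference is how that content key is wrapped. With one family key, a key extracted from any single box decrypts every title, past and future, and nothing can be revoked. With a key per card (a "media ticket" per customer), one leaked card key unwraps only that card's ticket, and the distributor simply stops issuing tickets to it.

```python
import hashlib
import hmac
import os

# Hypothetical demo keys, constructed for this example only.
FAMILY_KEY = hashlib.sha256(b"demo-family-key").digest()
CARD_KEYS = {cid: hashlib.sha256(b"demo-card-" + cid.encode()).digest()
             for cid in ("card-1", "card-2", "card-3")}
MEDIA = b"constructed sample media payload"  # stands in for the MPEG stream


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream: a stand-in for AES-CTR (assumption)."""
    out = bytearray()
    for ctr in range(0, length, 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(out[:length])


def xor_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric stream operation: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def wrap_key(kek: bytes, content_key: bytes) -> bytes:
    """Encrypt a content key under a key-encryption key, then append an HMAC tag."""
    nonce = os.urandom(16)
    body = nonce + xor_crypt(kek, nonce, content_key)
    return body + hmac.new(kek, body, hashlib.sha256).digest()


def unwrap_key(kek: bytes, blob: bytes):
    """Return the content key, or None if the tag does not verify under this kek."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, body, hashlib.sha256).digest()):
        return None
    return xor_crypt(kek, body[:16], body[16:])


def publish(media: bytes, keks: dict) -> dict:
    """Encrypt the media once under a fresh content key and wrap that key once
    per entry in `keks`: a single shared family key, or one key per card."""
    content_key, nonce = os.urandom(32), os.urandom(16)
    return {"nonce": nonce, "body": xor_crypt(content_key, nonce, media),
            "tickets": {cid: wrap_key(k, content_key) for cid, k in keks.items()}}


def play(package: dict, card_id: str, card_key: bytes):
    """Player side: unwrap this card's ticket, then decrypt. None on any failure."""
    ticket = package["tickets"].get(card_id)
    if ticket is None:
        return None
    content_key = unwrap_key(card_key, ticket)
    if content_key is None:
        return None
    return xor_crypt(content_key, package["nonce"], package["body"])


def family_key_outcome():
    """Every box shares FAMILY_KEY. A key pulled from one unattended box plays
    the current title and every later title too; there is nothing to revoke."""
    pkg = publish(MEDIA, {"family": FAMILY_KEY})
    legit = play(pkg, "family", FAMILY_KEY) == MEDIA
    leaked = FAMILY_KEY  # extracted from any one box
    pkg_later = publish(MEDIA, {"family": FAMILY_KEY})  # later titles need the same key
    return (legit,
            play(pkg, "family", leaked) == MEDIA,
            play(pkg_later, "family", leaked) == MEDIA)


def per_card_outcome():
    """Each card has its own key. A leaked card-2 key cannot open card-1's ticket,
    and once the distributor stops issuing card-2 tickets the leak is dead."""
    pkg1 = publish(MEDIA, CARD_KEYS)
    legit = play(pkg1, "card-1", CARD_KEYS["card-1"]) == MEDIA
    pirate_before = play(pkg1, "card-2", CARD_KEYS["card-2"]) == MEDIA
    cross_card = play(pkg1, "card-1", CARD_KEYS["card-2"])  # wrong key: tag fails
    still_issued = {cid: k for cid, k in CARD_KEYS.items() if cid != "card-2"}
    pkg2 = publish(MEDIA, still_issued)  # card-2 revoked for all later titles
    pirate_after = play(pkg2, "card-2", CARD_KEYS["card-2"]) == MEDIA
    return legit, pirate_before, cross_card is None, pirate_after
```

The price of the per-card design is visible in `publish`: the distributor does one key wrap per customer instead of one per title, which is the bookkeeping a media ticket scheme has to carry.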

This invention will try to overcome the shortcomings of the 
mentioned prior digital theater art in several fields. There is a 
pressing need for general solutions, for low cost solutions, for open 
standards, and for proprietary, new technology solutions in these 
fields which will benefit both governments and industry. 
Prior Art Discussion of Cable Channel 
Service Digital Media Distribution 
Using Smart Cards 

In y. 2002, US cable company (CABLECO) service set-top boxes also 
do not use inserted cable smart cards. Cable channels sent over 
broadband cable, using existing coaxial cable, can have some pure analog 
channels (for backwards compatibility with 40 million existing US 
analog cable set-top boxes) and some pure digital channels (for use 
with emerging market US digital set-top boxes) as well as some channels 
dedicated to broadband cable digital internet use by home and business 
computers and also cable company digital billing services. The analog 
cable channels are broadcast in analog hardware circuit scrambled form 
which is analog hardware circuit de-scrambled at the older analog set- 
top box (for backwards compatibility with older analog set-top boxes). 
The digital cable channels are broadcast in digital family key 
encrypted form over MPEG IV compressed digital channels (for newer 
digital set-top boxes). The digital broadband cable internet service 
for home and business cable modems uses digital transmission control 
protocol/internet protocol (TCP/IP) packet communications. All channel 
forms are supported by broadband cable service over coaxial cable. The 
family keys used for digital decryption are built into the newer cable 
set-top boxes using cryptographic memory. Older analog cable set-top 
boxes used analog descrambling circuits which had secret circuit 
designs which were easily copied by cable pirate set-top box makers. 

A US cable company "pay per bundle" monthly service charge was 
preferred by US cable companies, with a base monthly charge and added 
premium service charges. "Pay per view" or special sports and live 
concert event viewing was implemented by US cable companies by 
requiring customers to pre-event and pre-broadcast phone call in to the 
cable company service center to get payment debited for viewing. The 
"cable loop" was then used at the exact start of the event or at the start 
of the broadcast by the cable company, just like a local area network (LAN) 
connecting up to 30 US homes. The "cable loop" was used 
specifically at the exact start of the event or start of broadcast to enable 
digital decryption on newer digital cable set-top boxes or else enable 
signal descrambling on older analog cable set-top boxes having analog 
hardware descrambling circuits. 

In older analog cable set-top boxes, a special secret analog 
signal was sent from the cable company at the exact start of a "pay per 
view" show to start hardware descrambling circuits for the specific 
"pay per view" channel. 
Prior Art Discussion of Direct Broadcast Service 
(DBS) Digital Satellite 
Service's Digital Media Distribution 
Using Smart Cards 

In y. 2002, prior art of specific digital media distribution weak 
and strong cryptography systems using portable and removable smart 
cards is few. The European satellite smart cards inserted into 
satellite set-top box systems for controlling common encrypted 
satellite compressed digital signals are not used in the United States. 
The United States uses direct broadcast satellite (DBS) digital service 
set-top boxes such as older Direct Satellite Service (DSS (R)) from 
Hughes Communications (R) which prefers the technique of "pay per 
service bundle" with a base monthly charge plus added premium levels of 
service monthly charges. The Hughes Communications service does not 
satellite broadcast local channels, which must be obtained by some other 
add-on product when in most rural areas cable television service is not 
and will never be available for economic reasons. The only other US 
commercial service is offered by News Corporation's Dish Network (R) 
which differentiates itself by offering a single roof-top satellite 
dish having two to four feed horns with two to four separate signals 
going to two to four separate 'set-top satellite boxes.' The newer Dish 
Network (R) satellites also use a spot broadcast beam which satellite 
broadcasts local television stations from the nearest metropolitan 
area. "Pay per service bundle" implementation does not require 
satellite smart card set-top boxes. "Pay per service bundle" is 
implemented in the US by permanently embedding family keys (shared 
secret keys) within newer digital satellite set-top boxes using 
cryptographic memory or tamper resistant non-volatile memory (TNV- 
EEPROM), which family keys in turn are used for decrypting entire 
channel groups of common encrypted broadcast signals. Some US 
satellite set-top boxes require phone company input for 56 Kilo 
bits/second modem use for real-time 2-way communications with the 
central satellite company billing office which can remotely activate 
"pay per bundle" service or even individual "pay per view" events like 
live sports broadcasts and premier feature movies. 

Older analog satellite set-top boxes used secret analog 
descrambling circuits which were often easily reverse engineered or made 
from stolen circuit diagrams. 

Two main commercial systems are used for controlling home viewer 
access to European satellite television service with 30 million 
European viewers. The two main European suppliers are Canal Plus 
Technologies (R) with 12 million viewers and NDS (R) with most of the 
remainder. Canal Plus Technologies (R) is a division of French media 
conglomerate Vivendi Universal (R) once controlled by Mr. Jean Marie 
Messier, with smart cards purchased by Vivendi (R) through an Italian 
subsidiary called Telepiu. Canal Plus' (R) main competitor was NDS (R) 
Corporation, a division of the huge News Corporation media 
conglomerate controlled by Australian financier Mr. Rupert Murdoch. A 
much smaller third satellite smart card supplier is Swiss based 
Kudelski Group (R). The main European entertainment fare media 
protected by common encrypted transmissions of common MPEG X compressed 
digital video are "pay for view" soccer games, special music and stage 
concert events, and "XXX" pornographic movies. 

The three main European satellite set-top box and smart card 
systems are non-compatible systems based upon different secret and 
proprietary standards which use pre-encrypted and pre-computer 
programmed smart cards. The European satellite set-top boxes have 
satellite smart card slots and media ticket smart card readers as well 
as a phone line connection. A predominant design consideration for 
European satellite set-top boxes is that the European phone line 
service is notoriously bad, having 99% reliability or 1/100 calls 
failing for reasons other than busy phone lines or nobody home (not the 
99.999% AT&T reliability called 6 sigma reliability, or less than 
1/100,000 calls failing for technical reasons other than busy signals 
or no answer), with no central phone standards across European 
countries. In y. 2002, the extremely bad European phone service is a 
main reason why smart cards are highly popular in Europe for multiple 
uses, since real-time phone line connections cannot be relied upon 
(inexpensive magnetic strip cards are dependent upon highly reliable 
real-time phone connections). European cable television service is in 
limited mountainous areas, with satellite service preferred. The 
European satellite smart cards are customer inserted into satellite 
signal set-top boxes. The smart cards keep in cryptographic memory 
(tamper resistant non-volatile electrically erasable programmable read 
only memory (TNV-EEPROM)) both a secret computer billing program and a 
temporary secret mini-database record of what customer "pay for view" 
shows are set-top box decrypted and watched. A periodic post-event, 
but pre-monthly billing, central distribution entertainment company 
phone connection computer inquiry once a month to the phone-line 
connected set-top box can read the smart card's cryptographic mini- 
database. Given the unreliable European phone lines and lack of phone 
standards, this billing phone inquiry can be tried multiple times with 
only one successful connection needed per month. The satellite 
distribution billing office can then post-event, properly bill each 
customer over the mail or over the internet. 
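The card-held mini-database and the once-a-month poll over an unreliable phone line, as just described, amount to an authenticated offline usage log with an at-least-once monthly sync. The block below is an added model of that exchange written for this edit; it is not code from the application or from Canal Plus, NDS or Kudelski. The card key shared with the billing office, the card and event identifiers, the prices, and the phone line that drops its first few connection attempts are all constructed assumptions. The design point it makes is that the set-top box and the line are untrusted: the card signs its log with an HMAC before it leaves the card, so the billing office bills only records it can verify, and retries until one call in the month gets through.

```python
import hashlib
import hmac
import json

# Constructed shared secret between one card and the billing office
# (hypothetical value; a real card holds it in tamper-resistant memory).
CARD_KEY = hashlib.sha256(b"demo-billing-card-key").digest()


class SatelliteSmartCard:
    """Card-side state: the secret key and the mini-database of events watched."""

    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key, self._log = card_id, key, []

    def release_event(self, event_id: str, price_cents: int) -> None:
        # The box must ask the card before an event can be decrypted, so the
        # charge is recorded on the card rather than in the untrusted box.
        self._log.append({"seq": len(self._log), "event": event_id, "price": price_cents})

    def export_log(self) -> bytes:
        """Serialize the log and bind it to this card with an HMAC, so edits made
        in the box or on the phone line are detected by the billing office."""
        body = json.dumps({"card": self.card_id, "log": self._log}, sort_keys=True).encode()
        return body + hmac.new(self._key, body, hashlib.sha256).digest()


class FlakyPhoneLine:
    """Constructed stand-in for the unreliable line: the first `failures`
    connection attempts drop, later ones reach the card through the box."""

    def __init__(self, card: SatelliteSmartCard, failures: int):
        self.card, self.failures, self.attempts = card, failures, 0

    def connect(self) -> bytes:
        self.attempts += 1
        if self.attempts <= self.failures:
            raise ConnectionError("no carrier")
        return self.card.export_log()


def poll_card(line: FlakyPhoneLine, max_attempts: int = 5):
    """Billing-office side: retry within the month; one success is enough."""
    for _ in range(max_attempts):
        try:
            return line.connect()
        except ConnectionError:
            continue
    return None  # no successful call this month; try again next cycle


def verify_and_total(blob: bytes, key: bytes):
    """Check the HMAC and the sequence numbers, then return the amount to bill
    in cents, or None if the record cannot be trusted."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    record = json.loads(body)
    # contiguous sequence numbers make a removed or duplicated entry visible
    if [e["seq"] for e in record["log"]] != list(range(len(record["log"]))):
        return None
    return sum(e["price"] for e in record["log"])


def monthly_cycle(line_failures: int = 2, tamper: bool = False):
    """One billing month: the card logs two events, the office polls over the
    flaky line and verifies what it reads. Returns cents billed, or None."""
    card = SatelliteSmartCard("card-0042", CARD_KEY)
    card.release_event("soccer-final", 1500)
    card.release_event("stage-concert", 2000)
    blob = poll_card(FlakyPhoneLine(card, line_failures))
    if blob is None:
        return None
    if tamper:  # a box in the path rewrites one price before forwarding it
        blob = blob.replace(b'"price": 1500', b'"price": 1', 1)
    return verify_and_total(blob, CARD_KEY)
```

With two dropped calls the month still bills 3500 cents; with five drops against five attempts nothing is billed and the poll is simply repeated next month; a rewritten price fails the HMAC and is rejected rather than billed.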

In y. 2002, a US Federal District Court case filed by Canal Plus 
(R) under the US Copyright laws and the US Digital Millennium 
Copyright Act of y. 1998 alleges that the Canal Plus satellite smart 
card was infiltrated by a US 50 million dollar industrial and 
scientific espionage effort led by its rival NDS (R) through NDS 
Corporation's main scientific lab in Haifa, Israel. In y. 2002, the 
Canal Plus (R) satellite smart card's actual secret embedded source 
code had even been showing up on hacker Web sites. In y. 1999 (three 
years after market introduction), the Vivendi Universal (R) satellite 
systems had been plagued in Europe with up to a ratio of 3 to 1 illegal 
over legal Canal Plus (R) satellite smart cards used freely over paid 
legal satellite smart cards. 

This form of satellite service smart card for a satellite set-top 
box is very different in purpose and implementation from the purposes 
of this invention. 
SPECIFIC US PATENT PRIOR ART ON 
PUBLIC KEY CRYPTOGRAPHY 
MEDIA DISTRIBUTION SYSTEMS 

Prior Art Patent Discussion On 
Smart Cards 

Many US Patent and Trademark Office (USPTO) and European Patent 
Office (EPO) patents have already been issued for smart cards, smart 
cash cards and distribution systems, smart phone cards, and smart 
voting cards. Smart cards have been extensively used in Europe for 
over fifteen years. 

Smart cards have progressed rapidly in Europe in commercial and 
government uses, despite their high relative cost (currently $15.00 US 
dollars retail price) compared to magnetic strip cards (currently $0.50 
US dollars retail price), due to the poorly reliable phone systems in 
Europe and the lack of central phone standards, while the United States 
has always enjoyed reliable telecommunications and national phone 
standards. Magnetic strip cards require a reliable standardized phone 
system for real-time use. 
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In y. 2002, Monx (R ) has many European Patent Office (EPO) 

patents on a system of forwards and backwards traceable cash passed by 
automatic teller machines to smart carcl to smart card to smart card 
back to automatic teller machine, DigiCash (R ) has many patents for a 
non-compatible system of auditable cash transfer. Both electronic cash 
systems allow full tracing of transactions with a single point failure 
or in other words if any one smart card in a transfer chain is 
completely lost* The mathematics of this strong cryptography and 
secure hardware is very complicated and error prone. 

In y. 2002, Sun Microsystems (R) has patents on Java (R) 
virtual machine (VM) architectures for smart cards. In y. 2002, these 
smart card systems are used for electronic cash and credit card systems 
by the US Army, which is aiming for a "paperless office." Some systems 
also provide "card key" or access smart card types of security systems 
for US Army bases and US Navy aircraft carriers. The Java (R) smart 
security card can internally store a digital fingerprint model for 
comparison with the user's index finger inserted into a smart card 
reader attached to a personal computer. 

"Java Smart Cards" are slow due to the firmware interpreted virtual 
machine (VM) architecture. In y. 2002, the Java Smart Cards have been 
found to be bug prone, giving hackers access to many "secure" card key 
access systems. 
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In y. 2002, American Express has issued its "Blue" smart credit 

card. This "Blue" card can internally store small amounts of 
electronic cash and otherwise functions as a more secure form of credit 
card than the older magnetic strip credit cards- A photo- 
identification is printed on the front along with a visible light laser 
holograph. Internal storage of a digital fingerprint is done, but, 
currently is not widely used yet in the US due to a lack of fingerprint 
reader stations. 
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Registered US Patent No. 6,367,019 
Issued to Ansell, Steven T, , et, al., 
et. Schneier, Bruce 
Assigned to: Liquid Audio Inc. 
Issue Date: XX/XX/XX 
Filing Date: XX/XX/XX 

US Patent No. 6,367,019 [REF 10], also called the "Schneier 
portable music format patent," is a method of using a session key (one- 
time secret key) taken from the digital music which is used to custom 
encrypt the distributed digital music; the session key in turn 
is encrypted with a unique per owner family key (a common pre-registered 
secret key known only by the media distribution company and by the 
authorized hardware for one owner) for internet distribution of the 
encrypted session key, downloaded along with the encrypted media. The 
custom encrypted media with encrypted session key can thus be played 
only in an authorized media music player which has the unique per owner 
family key to decrypt the session key, which in turn is used to decrypt 
the custom encrypted digital media. The unique per owner family key 
can be common among the owner's several authorized digital media 
players, assuming some method of pre-installing, or else customer 
portability and injection, of the common key from and to his common 
media players (such a method is specified). The unique per owner 
family key is the same key exposed to all digital media distribution 
vendors, since the session key (1-time secret key) used to encrypt the 
digital media must be distribution vendor encrypted with the family key 
before being placed into the download digital media. Digital media 
distribution vendors are all fully trusted members of the system with 
access to all "crown jewel" plain text (decrypted) digital masters of 
every participating vendor, and have access to all customer family keys 
in a shared secret database. 

The encrypted session key (one-time use secret key) varies for 
each customer and furthermore varies for each of a customer's music 
pieces. A message authentication code (MAC), which is a message digest 
code (MDC) keyed with a secret initialization vector (IV), can be 
computed over the digital media to produce a fixed length (e.g. 256-bit) 
MAC code. The MAC code can be session key encrypted to form a data 
integrity (wholeness or non-tampering) check, also called a secret key 
digital signature. The session key encrypted MAC code can be optionally 
included as an integrity check in the downloaded custom encrypted 
digital media, along with the unique per owner family key encrypted 
session key. Prior art serial data buses are mentioned as a non-secure 
way to transport cryptographic keys from a personal computer used for 
internet download to one authorized portable media player and then to 
another. Smart cards are mentioned in the patent as a cryptographically 
secure vessel in which customers transport the unique per owner family 
key and the unencrypted session key around for injection into all of a 
customer's authorized media players. 
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The Schneier portable music patent is defective under the 
inventor's cryptoana lysis in several regards which will render roulti- 
million dollar music digital masters available to hackers within two 
months of release > 

1). The unique per owner family key encrypted session key is 
not serial numbered or time stamped for customer portability and 
injection into other media players, rendering the key definitely 
breachable by a known hacker attack called a "recorded replay 
attack," in which the hacker does not even need to family key decrypt 
the session key. The hacker merely records the whole unique per 
owner family key encrypted session key, or removes it from the 
download media. The whole recorded unique per owner family key 
encrypted session key is hacker distributed along with the recorded 
session key encrypted media and replayed on the common unique per 
owner family key media players. Whichever media players have the 
unique per owner family key (common secret key) can thus use the 
"recorded replay attack" recorded unique per owner family key 
encrypted session key without ever needing to unique per owner 
family key decrypt the session key. The unique per owner family 
key held in prior art electrically erasable programmable read only 
memory (EEPROM) is vulnerable to any hacker using a pin-prober or 
else an in-circuit emulator (ICE). What is required is the use of 
tamper resistant non-volatile electrically erasable programmable 
read only memory (TNV-EEPROM) which detects pin probers by 
impedance loading and automatically erases its cryptographic 
memory. 

2). The use of prior art serial data buses to transport non- 
pass-thru encrypted cryptographic keys is vulnerable to wiretapping, 
which makes the cryptographic keys totally exposed to any hacker 
attacks, thus revealing multi-million dollar digital masters. 

3). The use of smart cards to receive non-pass-thru encrypted 
cryptographic keys which are also not public key encrypted or 
secret key encrypted to make them unique for a single customer or 
vendor means that any hacker can insert his own smart card and use 
and even read the deposited unencrypted cryptographic keys. 

4). The use of only one unique per owner family key (common 
secret key) restricted to all authorized vendors of music and all 
authorized vendors of media players means that all vendors must 
trust each other. A cheating vendor can leak out multi-million 
dollar digital masters owned by another vendor. One vendor losing, 
or having stolen, the single system unique per owner family key 
will compromise the entire system including every vendor's 
multi-million dollar digital masters. This type of attack has 
already occurred with the hacker group "Anathema's" attack upon the 
known weak hardware based duo-linear feedback shift register (duo- 
LFSR) system used in the Content Scrambling System (CSS) for 
digital versatile disks (DVD's). 
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5) . The use of non- cryptographic micro-processors (u-P'sl) 
and non-cryptographic digital signal processor's (DSP's) inside of 
the portable music player to decrypt the custom encrypted digital 
music with the session key (1-time secret key) means that a skilled 
chip hacker using pin-probers, in-circuit emulators (ICE), or logic 
state analyzers will easily pick out the unencrypted cryptographic 
keys for his own use and distribution. 

6) . The absence of play counts to control the paid for number 
of plays, -1 for indefinite plays, or counts of free trial plays. 
Any Schneier authorized media player with a unique per owner family 
key and appropriate session key can play the media an infinite 
number of times. The Schneier authorized media player also has no 
method to restrict its infinite plays to a fixed number of plays as 
in 10 free trial music plays. 

7). The "fair use" or legal US Copyright protected right of 
homeowners to make one or two copies of US Copyrighted media for 
their own use and legal archiving is not supported. Even having a 
single copy of encrypted media work both at a home CD-R player and 
in a car CD player, which is "fair use," is not permitted. The 
encrypted media can be owner copied an unlimited number of times. 
However, the matching unique per owner family key encrypted session 
key is kept in a Schneier portable media player's memory. If the 
Schneier portable media player is lost, stolen, or of disputed 
ownership, thousands of dollars worth of custom encrypted media 
recordings will be unplayable. If the matching unique per owner 
family key encrypted session key is kept in a single media ticket 
smart card for portability and injection into a portable media 
player's memory, no method is specified for handling defective, 
lost, stolen, or disputed legal ownership media ticket smart cards. 

8). The "first use" or legal US Copyright protected right of 
homeowners to sell or completely transfer legally owned US 
Copyrighted media to another person is not supported. The 
encrypted media can be owner copied an unlimited number of times. 
However, the matching unique per owner family key encrypted session 
key is kept in a Schneier portable media player's memory. The 
Schneier portable media player with all of its matching custom 
digital media can be sold or given away in its entirety as a matched 
set. If the matching unique per owner family key encrypted session 
key is kept in a single media ticket smart card for portability 
with injection into the portable media player's memory, the media 
ticket smart card can be sold along with the custom encrypted 
physical media. No method is specified for handling defective, 
lost, stolen, or disputed legal ownership media ticket smart cards. 

The inventor's patent avoids all of these hacker attack points by 
offering a cryptographically sound digital media distribution system 
using strong cryptography and all cryptographic hardware based key 
containment. The inventor's patent uses serial numbers to stop 
recorded replay attacks, which is the known technique for where a digital 
clock is not universally available for the alternate time stamp 
technique. The inventor's patent restricts cryptographic keys to 
cryptographic memory and cryptographic hardware, with pass-thru 
encryption used across all wiretapable or "red" computer buses. 

The inventor's patent supports "play codes," which are session keys 
or 1-time secret keys, and "play counts," which are paid for numbers of 
plays, -1 for infinite plays, or counts of free trial plays, which 
furthermore are: 

1stly, vendor digitally signed (with a unique vendor private key) 
with an added sequence number, 

2ndly, unique vendor secret key encrypted, and 

3rdly, uniquely customer private key encrypted, and 

4thly, media ticket smart card system family key encrypted in order 
to restrict play counts to one vendor and one customer, which allows 
accounting functions for the media. 
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Reg istered US Patent No. 5,315,658 
Issued to? Mieali/ Silvio 
Issue Date: 
Filing Date ^ 

Registered US Patent No. 5,315,658 [REF 300] develops a "fair and 
fail-safe key escrow" system after a "subliminal channel" was found in 
his previous "fair key escrow" of US Patent No. 5,276,737. A 
subliminal channel was found in his key splitting and key escrow 
technique for Diffie-Hellman (R) in his first Diffie-Hellman (R) "fair 
escrow" patent. A "subliminal channel" allows a user to send a totally 
concealed and undetectable message (which might even be the full 
private key) to the key escrow parties or the public key distribution 
authority. The "fail-safe key escrow" system eliminates this 
subliminal channel. 

My patent optionally uses key escrow, of which a specific use can 
be Micali key escrow for escrowing cryptographic keys for the purposes 
of customer lost or stolen keys, customer disputes over legal key 
ownership, and court orders to retrieve split keys for use by law 
enforcement. 
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Registered US Patent No. 5/276/7 33- 
Issued to; Micali/ Silvio 
Issue Date; 
F Ming Date; 

Registered US Patent No. 5,276,737 [REF 304] has been issued to 
Silvio Micali for a specific public key cryptography based system of 
key escrow using split keys in a system known as "fair key escrow", 
now transferred to Banker's Trust of New York with a license purchased 
by the National Institute of Standards and Technology's (NIST's) 
Clipper and Capstone cryptography projects. The "fair crypto-systems" 
allow Diffie-Hellman (R) [REF 6] and RSA (R) [REF 5] algorithm users to 
do private key splitting of keys into key pieces and private key piece 
escrow with various key escrow parties under supervision of a public 
key distribution authority, in a specific mathematical manner with nice 
legal objectives. This specific technique allows the key 
distribution authority to verify the split key pieces held by the 
various key escrow parties without disclosure of the full private key 
to any one party, which is quite a neat trick. The Diffie-Hellman (R) 
fair escrow technique uses discrete logarithms computed on split key 
pieces. The RSA (R) fair escrow technique uses Blum integers. The 
split keys in the RSA (R) fair escrow technique are also combined with a 
flexible, majority voting scheme which requires any three out of five 
escrow parties to combine private key pieces before a full private key 
is formed. 
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This proposed patent optionally uooo key escrow of which -a 
specific use can be Micali Jcoy escrow for cscrowing cryptographic key& 
for the purposes of customer loot or otolcn keys/ cuotomcr disputes 
over legal key ownership settled by court order/ and court orders to 
retrieve split keys for use by law enforcement. 
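Verifiable key splitting of the kind the two Micali patents above describe, as an added worked example that is not part of this application and is not Micali's patented construction: a Feldman-style verifiable secret sharing over a toy Diffie-Hellman group. A private exponent x is split 3-of-5 among escrow parties; the key distribution authority checks each escrowed piece against public commitments, the first of which is the user's public key g^x, without any party seeing the full private key; and a court-ordered release combines only pieces that verify and only if a threshold of them is produced. Assumptions: Python standard library only; the toy safe prime p = 2039, q = 1019 and generator g = 4 are constructed for the example and far too small for real use; the private exponent 777 in the usage is likewise constructed.

```python
# Added example, not Micali's patented construction. Standard library only.
import secrets

# Toy parameters (assumption, NOT for real use): p = 2q + 1 is a safe prime,
# so g = 4 (a quadratic residue) generates the subgroup of prime order q.
P = 2039
Q = 1019
G = 4


def public_key(private_exponent):
    return pow(G, private_exponent, P)


def split_private_key(private_exponent, threshold, parties):
    """Split x into `parties` pieces such that any `threshold` recover it.

    Returns (shares, commitments): shares[i] is escrow party i's piece and
    commitments[j] = g^(a_j) for the polynomial coefficients, so that
    commitments[0] = g^x is the user's registered public key.
    """
    coeffs = [private_exponent % Q]
    coeffs += [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = {}
    for i in range(1, parties + 1):
        shares[i] = sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(index, share, commitments):
    """Authority check: g^share == prod_j commitments[j]^(index^j) mod p.
    Needs no knowledge of x or of any other party's piece."""
    expected = 1
    for j, commitment in enumerate(commitments):
        expected = expected * pow(commitment, pow(index, j, Q), P) % P
    return pow(G, share, P) == expected


def shares_match_public_key(commitments, pub):
    """The escrowed polynomial must be the one whose constant term is x."""
    return commitments[0] == pub


def recover_private_key(subset):
    """Lagrange interpolation at 0 over GF(q) from a threshold-size dict."""
    total = 0
    indices = list(subset)
    for i in indices:
        num, den = 1, 1
        for k in indices:
            if k != i:
                num = num * (-k) % Q
                den = den * (i - k) % Q
        total = (total + subset[i] * num * pow(den, Q - 2, Q)) % Q
    return total


def court_ordered_recovery(shares, commitments, producing_parties, threshold):
    """Release path: only pieces that verify are combined, and only if at
    least `threshold` of them are produced."""
    good = {i: shares[i] for i in producing_parties
            if verify_share(i, shares[i], commitments)}
    if len(good) < threshold:
        raise ValueError("fewer than %d valid escrow pieces" % threshold)
    chosen = dict(list(good.items())[:threshold])
    return recover_private_key(chosen)


if __name__ == "__main__":
    x = 777  # constructed private exponent
    shares, commitments = split_private_key(x, 3, 5)
    print("matches registered public key:", shares_match_public_key(commitments, public_key(x)))
    print("all pieces verify:", all(verify_share(i, s, commitments) for i, s in shares.items()))
    print("recovered from parties 1, 3, 5:", court_ordered_recovery(shares, commitments, [1, 3, 5], 3))
```

The check in verify_share is what lets the authority reject a party who escrows garbage (or who escrows a piece of some other key) at deposit time rather than discovering it at recovery time; the subliminal channel concern of the later patent is about what else the depositor can smuggle through the commitments, which this minimal scheme does not address.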
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Registered US Patent No. 5/231, 6 £& 
Issued tor KravitZ/ David 
Ioouc Bator 
Filing Date: 

A Registered US Patent Number No. 5/231/668 [RBF 308] has been 
iooued to David Kravits formerly of the US National Security Agency for 
the digital signature algorithm (PSA) . This patent doer* only digital 
signatures and not encryption decryption/ or cryptographic 3cey 
exchange s 
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Registered US Patent No. 4,405; 829 
looucd to: Rivcot/ Shamir, and Adlcman (RS Af 
Ioouc Date; 
Filing Date: 

A Registered US Patent Number No. 4/ 405/929 [REF 316] hao been 
iooucd to Rivcoty Shamir^ and Adloman ( RS A.) / now transferred to Public 
Key Partners { R ) , for the RSA public key crypto logy algorithm* A 
public key cryptography environment and different architectures baaed 
upon RSA |g protected by thio patent. This patent expired in y. 1 9#9 
and RSA {R) is now in the public domain. 
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Rcgiotcred US Patent No, 4 #2Q0/77 -& 
Issued tor Diffio/ Winn & 
Hellman/ Martin 
Isaac Dates 
Filing Date; 

A Registered .PS Patent Number No~ 1/200/770 (Biffic/ Hollm aft 
public key exchange algorithm) [REF 320] has been issued on TBD for the 
first proven public key cryptography key exchange algorithm. 
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SUMMARY 



A new process or methods of systems invention of cryptographic 

architecture for electronic distribution of custom encrypted digital 
media x>ver the internet for deposit upon physical media or for direct 
physical , commercial physical distribution of custom encrypted digital 
media which uses internet updatable media ticket smart cards holding 
play codes (session keys or i-time secret keys) and play codes (paid 
for numbers of plays, -1 for indefinite plays., or counts of free trial 
plays) which physically distributed "f ootprint downloaded" digital 
media and media ticket smart card is inserted into a cryptographic 
media player with a built-in media ticket smart card reader for 
pla ying > 

A 1st alternative embodiment invention of a custom encrypted high 
definition television (HDTV) or standard definition digital television 
(SDTV) signal transmitted "over the airwaves", or else transmitted over 
fast digital broadband cable modem lines, or else transmitted over fast 
digital broadband asymmetric digital subscriber line (ADSL) phone lines, or 
else transmitted over direct satellite service (DSS) systems, or else 
transmitted over "wireless Ethernet" "stone skipped" systems to homes 
or businesses with a cryptographic media player set-top box with a 
built-in media ticket smart card reader with a properly matched media 
ticket smart card, which in turn is connected to a digital 
television/digital audio/digital video recorder. The HDTV/SDTV signal 
may have embedded MPEG II extensions for very efficient background data 
or a cryptography "silhouette-like" technique for electronic television guide 
information using a spreadsheet or matrix type of graphical user 
interface (GUI) which will give a digital picture in picture (PIP) 
electronic television guide display and means of future program 
recording. 

A 2nd alternative embodiment invention of a rack of digital 
versatile disks (DVD's) which are 
vendor pre-programmed and physically distributed custom encrypted 
digital media played upon a movie cryptographic media player/digital 
versatile disk drive/micro-mirror machine module (MMM)/theater 
projection and sound system with a built-in media ticket smart card 
reader with an inserted proper media ticket smart card. 
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OBJECTS & ADVANTAGES - vs. PRIOR ART 



A. An object of this invention is to support physical and electronic 
internet ^downloaded" distribution of custom encrypted digital media 
limited to digital music, digital movies, digital newspapers, and 
digital books (not including digital computer programs, digital 
computer games, and digital computer multi-media) Igcc REFERENCES — 
NON - PATENT LITERATURE [REF 500] — - "The Secure Digital Music Initiative 
(SDMI) w ) for Splaying" or decryption of the portable media upon special 
cryptographic media players. 

Napster (R) and Gnutella (R) types of peer to peer web music 
distribution services of Moving Picture Experts Group (MPEG-1 audio 
layer 3, also called MP3) compressed digital music files allow customers 
to widely distribute illegal copies of copyright protected media. The MP3 
files are customer created at home personal computers reading non-encrypted 
music compact disk sources. The music digital masters on the compact 
disks are totally unprotected from illegal copyright piracy. 

B. An object of this invention is to use only one media ticket smart 
card per owner for the corresponding digital media from many different 
media distribution vendors of digital music, digital movies, electronic 
newspapers, and electronic books. 
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One media ticket smart card per music company or one media ticket 
smart card per item of music will be burdensome and confusing to the 
customer. 

Prior art floppy based or dongle based or keychain based 
cryptographic key storage was matched one to one with a piece of 
encrypted data. 

C. An object of this invention is to allow the owner's one media 
ticket smart card to be used with any of the owner's cryptographic media 
players [REF 508]. 

Having one media ticket smart card matched to only the owner's single 
cryptographic media player [REF 508] will be confusing and limit the 
choice of players. 

D. An object of this invention is to stop the use of any unauthorized 
digital copying of digital media. 

Napster (R) types of peer to peer web music distribution services of 
Moving Picture Experts Group compressed digital music files (MP3) 
allow customers to widely distribute illegal copies of copyright protected 
media. The MP3 files are customer created at home personal computers 
(PC's) reading non-encrypted music compact disk (CD) sources. The 
music digital masters on the compact disks are totally unprotected from 
illegal copyright piracy. 

Taiwanese music piracy operations routinely legally copy music 
cassette tapes, music compact disks, and movie video cassette tapes for 
overseas distribution into countries not in the international copyright 
convention. The unencrypted music and movie analog and digital masters 
are vulnerable and not technologically protected. 

E. An object of this invention is to restrict one digital media 
distribution company's unencrypted digital masters only to itself and 
absolutely no other party, especially prohibiting access by any other 
competing digital media distribution company. 

F. An object of this invention is to allow play counts or count 
controlled plays or counted decryptions of custom encrypted media 
including counts of free trial media plays. 

Unencrypted digital media can be used an unlimited number of 
times and allow unlimited perfect copying of digital masters for 
distribution to unlimited numbers of people. 

G. An object of this invention is to provide all public key 
cryptography legal attributes such as: 

1). authentication (like an exchange of photo ID's or 
thumbprints) 

2). encryption/decryption (for privacy) 

3). integrity (wholeness or non-tampering) 

4). digital signatures (like handwritten signatures) 

5). non-repudiation (preventing the denial of digital signatures) 

6). authorization (approval using digital signatures and dating 
or official post marks) 

7). archiving (storing digitally signed documents in a high 
integrity environment) 

8). accessibility (restricting access to authorized users) 

9). audit trail (recording accesses to information with public 
key ID's, dates, times, and locations) 

10). play counts/play codes for counting paid for and authorized 
personally encrypted digital media plays and for decrypting them 

11). crypto key splitting and key escrow. 

12). crypto key administration and key architectures. 

Digital media without encryption cannot implement these legal attributes. 
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H. An object of this invention is to support pass- thru encryption of 
cryptographic keys called play codes (session keys or 1-time secret 
keys) and play counts (paid for numbers of plays, -1 for indefinite 
plays , or counts of free trial plays) for their trip from a media 
distribution coinpany * s central web server over the open internet to a 
customer's personal computer over wiretapable buses to a secure, 
cryptographic memory inside of a smart card which is inserted into a 
media ticket smart card reader attached to the same personal coissputer- 

Prior art cryptographic systems have relied upon secure sockets layer 
(SSL) types of public key distribution. Secure sockets layer does not 
store cryptographic keys in cryptographic memory. It also does not use 
pass-thru encryption over wiretapable computer buses- Secure sockets 
layer is vulnerable to hacker cryptographic algorithm disassembly 
attacks, logic analyzer attacks, hard disk copying and automated 
password decryption on hard disk hacker programs, keyboard capture 
buffers, etc. 

I. An object of this invention is to support physical transfer of 
encrypted digital media in the form of digital versatile disk 
read/write (DVD-RW (R), DVD+RW (R)), compact disk record once (CD-R 
(R)), and bank programmable solid state memory cards (FLASH (R)), and 
also the physical transfer of media ticket smart cards, from a 
customer's personal computer (PC) to a cryptographic media player [REF 
508] (e.g. crypto-MP3) into which both are inserted. 

J. An object of this invention is to support pass-thru encryption of 
cryptographic keys in the form of play codes (session keys or 1-time 
secret keys) and play counts (paid for numbers of plays, -1 for 
indefinite plays, or counts of free trial plays) from a media ticket 
smart card inserted into a media ticket smart card reader built in to a 
cryptographic media player [REF 508], for transferring such keys over 
wiretapable ("red") computer buses to a cryptographic digital signal 
processor unit [REF 500], having its own tamper resistant non-volatile 
electrically erasable programmable read only memory, which processor is 
contained inside of the cryptographic media player [REF 508]. 

Examples are pass-thru encrypted transfer of keys from smart cards 
to media ticket smart card readers (using media ticket smart card 
reader vendor family keys) to cryptographic DSP's (using cryptographic 
DSP vendor family keys). 

K. An object of this invention is to support an optional 
citizen/customer media ticket smart card authentication triangle 
between the three points of: 

point 1, customer A (identified by a 1st means of a 
passphrase/passcode, a 2nd means of a bio-identification such as a 
digital fingerprint, a 3rd means of a password with pseudorandom 
noise mixed in), to 

point 2, media ticket smart card A holding a customer's or user's 
private keys, secret keys, password with pseudorandom noise mixed 
in, bio-identification such as a digital fingerprint, session keys, 
play codes, and play counts to prevent the use of stolen media 
ticket smart cards, to 

point 3, cryptographic media player [REF 508]. 

Any one of the three points which is detected as unauthorized will 
stop the media ticket smart card read/write process. 

L. An object of this invention is to support a cryptographic media 
authentication triangle between the three points of: 

point 1, a copy of 1-way transferred and custom session key 
encrypted digital media, to 

point 2, media ticket smart card holding a customer's or user's 
private keys, secret keys, session keys, play codes, and play 
counts, to 

point 3, cryptographic media player [REF 508]. 

Any one of the three points which is detected as unauthorized will 
stop the custom encrypted digital media playing process. 

M. An object of this invention is to support legal "fair use" of US 
copyrighted encrypted digital media or the archiving of two to three 
copies for personal use. The purpose of "fair use" is to allow for 
recovery in case of accidental damage, theft, fire, flood, natural 
disaster, legal archiving, disputed legal ownership (as any divorced 
person will recognize), or one or at most two convenience copies in 
multiple locations used by the legal owner. Legal "fair use" also 
supports a home set of media and an auto set of media. 

N. An object of this invention is to support legal "first use" of US 
copyrighted encrypted digital media, or the right of one person to sell 
or transfer in entirety the encrypted digital media to another person, 
and to transfer only the relevant media ticket smart card cryptographic 
keys to the other person's media ticket smart card. 

O. An object of this invention is to support lost and stolen media 
ticket smart cards. 

P. An object of this invention is to support non-copyrighted 
commercial material, home produced material, and previously recorded, 
prior art, non-encrypted digital Copyrighted material by allowing 
unlimited unencrypted plays of the media. 

Q. An object of this invention is to prevent use of this 
strong cryptography system of software and hardware by terrorist forces 
and countries which are enemies of the United States for military use 
of Command, Control, Communications, Computers, and Coordination (C5). 
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R. In tine 1 st alternative embodiment, an object of this invention is 
to support custom encrypted MPEG X audio layer 3 (MP3) compressed 
digital audio, custom encrypted digital standard broadcast (SDTV) , and 
digital high definition *big screen'' television (HBT¥) in digital "over 
the air** transmitted signals, or else cable distributed digital signals 
using high speed broadband cable modems, or else phone line distributed 
signals using high speed asymmetric digital subscriber line (ADSL) 
broadband modems, or else direct broadcast satellite (DBS) service 
transmitted signals, or ^wireless Ethernet" Institute for Electrical 
and Electronic Engineers Standard 802.11c (100 Mega bits/secondj 
transmitted '"skip stoned" signals, which are ail custom decrypted US'JJBwjf 
a cryptographic set- top box with a built-in media ticket smart card 
reader with an inserted matching media ticket smart card which is 
further attached to a digital television monitor- A digital television 
merely has a built-in set-top box of some form. The set-top box may 
have an additional attached audio/video digital recorder of some form 
or some le^el of intelligence. 

The HDTV/ SDTV signal may have a non-standard MPEG II extension for a 
very efficient cryptography "silhouette-like" technique background 
scene cutting and replacement method of introducing electronic 
television guide digital data. The digital picture in a picture will 
present the electronic television guide data in a spreadsheet style or 
matrix style of graphical user interface (GUI) for current program 
selection and future program recording. 
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S. In the 2 nd alternative embodiment, an object of this invention is 
to support a high performance, movie cryptographic media player/micro- 
mirror machine module (MMH) for commercial movie theater use. 



Z. Further objects and advantages of my invention will become 
apparent from a consideration of the drawings and ensuing description 
of it. 
BRIEF DESCRIPTION OF DRAWINGS - All Embodiments 

Fig. 1 is a pyramid showing the layered design of the full proposed 
cryptographic system and where the media ticket smart card and media 
ticket smart card custom encrypted digital media distribution public 
key cryptography architecture is suggested as an embodiment. 

Fig. 2 is a circuit block diagram of a prior art cryptographic 
microprocessor unit found in a prior art smart card. 

Fig. 3 is a circuit block diagram of a prior art media ticket smart 
card (212). This is used for secret key and private key secure 
containment and physical transportation. 

Fig. 4 is a circuit block diagram of a prior art media ticket smart 
card reader attached to a personal computer. 

Fig. 5 is a circuit block diagram of a cryptographic digital signal 
processor (C-DSP) (932), future patent pending [REF 500]. This is used 
for doing hybrid key cryptography, which is both public key cryptography 
and fast hardware based secret key cryptography, inside of a digital 
signal processor processing digital signals in a cryptographically 
secure environment. 

Fig. 6 is a circuit block diagram of a cryptographic media player, 
future patent pending [REF 508], with a built-in media ticket smart card 
reader. 

Fig. 7 is a unit block diagram of the 1st alternative embodiment of a 
universal input cryptographic set-top box for encrypted or "cipher 
text" high definition television (HDTV)/standard definition television 
(SDTV) signals coming "over the airwaves", by cable system, by phone 
system, by satellite, or by IEEE 802.11c wireless Ethernet connections. 

Fig. 8 is a circuit block diagram of the 1st alternative embodiment 
of a universal input cryptographic set-top box for encrypted or "cipher 
text" high definition television (HDTV)/standard definition television 
(SDTV) signals coming "over the airwaves", by cable system, by phone 
system, by satellite, or by IEEE 802.11c wireless Ethernet connections. 

Fig. 9 is a circuit block diagram of the 2nd alternative embodiment 
of a cryptographic micro mirror module (MMM) commercial movie theater 
system. 
LIST OF REFERENCE NUMERALS - All Embodiments 

100. media ticket smart card custom encrypted digital media public 
key cryptography federated architecture. 

104. media ticket smart card system authority (party S): 

108. central public key generation authority (C-PuKGA) (party G), 

112. central public key distribution authority (C-PuKDA) (party D), 

NOTE: also called a central public key certificate 
authority (OCA), 

116. central public key distribution authority database ID number 
N (media ticket smart card system authority controlled or 
administered) (C-PuKDA-N), 

N = 0 is reserved for the US government, 

N ≥ 1 is used by a foreign government, 

120. central public key distribution authority key escrow agent A 
(C-PuKEA-A) (party E1), 

124. central public key distribution authority key escrow agent B 
(C-PuKEA-B) (party E2). 

128. digital media distribution vendors (party V). 

160. 1-way transfer and custom session key encrypted copyrighted 
digital media in data form (movies, videos, music, newspapers, books) 
which may be digitally compressed MPEG IV audio/video files or 
digitally compressed MPEG I audio layer 3 (MP3) music files. 
PARTS OF 1ST ALTERNATIVE EMBODIMENT ONLY: 

700. universal "over the air," cable line, phone line ADSL, 
satellite, and Institute of Electrical and Electronics Engineers 
(IEEE) 802.11c HDTV/SDTV signal set-top boxes (1st alternative 
embodiment) with embedded crypto digital signal processing (C-DSP) 
units (932): 

704. radio frequency (RF) antenna input (broadcast airwaves), 

705. micro-wave radio frequency (RF) direct satellite dish input, 

706. IEEE 802.11c wireless Ethernet "Wi-Fi" "skip-stoned" input, 

707a. modulated digital coaxial cable input (cable companies 
(CABLECO'S)), 

707b. modulated digital fast asymmetric digital subscriber line 
(ADSL) modem, twisted pair, copper, phone line input (telephone 
companies (TELCO'S)), 

708a. radio frequency (RF) to intermediate frequency (IF) 
down-conversion circuitry, 

708b. analog to digital circuitry (ADC), 

708c. digital tuner, 

708d. video RAM for "picture in a picture (PIP)" digital display of 
the electronic television guide data (extracted by added circuitry 
following the secret key decryption circuitry from the new 
cryptographic "silhouette-like" technique, a non-MPEG X standard 
extension to the MPEG I, II, or MPEG IV standard audio/video 
signals), 

708e. audio output digital to analog converters (DAC's), 

708f. line amplifiers, 

708g. 5.1-channel theater analog audio system output of 5 units of 
tweeter, mid-range, and woofer and 1 unit of stand alone deep-bass 
woofer unit, 

709a. video output RAM digital to analog converters (RAMDAC's), 

709b. line amplifiers, 

709c. HDTV/SDTV video output which is artificially digitally 
degraded by the MPEG X de-compression circuitry and converted to 
modulated digital UXGA computer formats for computer monitors and 
digital television monitors, 

709d. "cipher text" compressed digital MPEG IV audio/video digital 
output for digital recording in DVD-RW (R) or DVD+RW (R) drives with 
media, 

709e. (enhancement option) "cipher text" compressed digital MPEG IV 
audio/video digital output for digital recording on bank programmable 
memory cards (FLASH EEPROM), 

709f. matrix transform circuits for digital MPEG X luma (Y), 
blue-difference chroma (Cb), red-difference chroma (Cr) color model 
(YCbCr) signal conversion to various analog composite video signal 
formats such as NTSC (US, Japan, and US colonies), PAL (United 
Kingdom and UK colonies), or SECAM (France and French colonies), 

709g. radio frequency (RF) modulated artificially digitally degraded 
analog output for injection into prior art analog NTSC, PAL, SECAM 
televisions, 

709h. s-video or analog non-composite video output and conversion 
circuitry, 

711. infrared remote (IR) control unit, 

712. infrared remote (IR) control circuitry, 

715. has a built-in media ticket smart card reader, 

716. has a built-in toggle field with liquid crystal display (LCD) 
and controls for up to 10 alpha-numeric characters for 
passphrase/passcode entry, 

717. (future option) has a built-in bio-identification unit and 
interface circuitry such as a digitized fingerprint reader, 

718. (convenience option) has a built-in digital recorder and 
interface circuitry such as a digital versatile disk read/write 
(DVD-RW (R) or DVD+RW (R)) drive, 

719. (convenience option) with a broadband cable modem or broadband 
ADSL Internet connection can have the cryptographic digital signal 
processor upgraded to a cryptographic strong advanced RISC 
micro-processor (StrongARM) for a Web television type of set-top box 
with a keyboard input port. 
PARTS OF 2ND ALTERNATIVE EMBODIMENT ONLY: 

720. external micro-mirror module (MMM) movie theater players 
(2nd alternative embodiment) with embedded crypto digital signal 
processing units (932): 

721. micro-mirror module (MMM) with three digital micro-mirrors for 
red, green, and blue projection lamps, 

722. digital versatile disk (DVD) movie set input (four or more 
double sided, double density DVD disks, or at least two disks per 
intermission), 

724. theater projector light output (red, green, blue) from three 
micro-mirror module (MMM) units and three color projection lamps, 

726. 30-channel theater sound analog audio system output and 
n-dimensional theater experience digital output, 

727. 30 units of speakers for movie theater-type sound, 

730. has a built-in media ticket smart card reader, 

732. has a built-in toggle field with liquid crystal display (LCD) 
and controls for up to 10 alpha-numeric characters for 
passphrase/passcode entry, 

734. (future option) has a built-in bio-identification unit such as 
a fingerprint reader, 

740. digital timing and control outputs for multi-dimensional 
sensory units such as seat vibration units, olfactory (smell) units, 
special effect colored laser lights and displays, special effect 
explosions, automatic theater drapery and light timing controls, 

744. seat vibration unit digital control line, 

748. seat olfactory unit digital control line (e.g. perfume, 
gunpowder, cologne, cigar smoke, flowers, dust, etc.), 

752. Society of Motion Picture and Television Engineers (SMPTE) 
sound and light, automatic theater drapery, serial data command and 
response control and high rate digital serial timing line, 

756. automatic drapery timing unit needing digital clock 
synchronization to the start of the movie, 

760. automatic theater light timing unit needing digital clock 
synchronization to the start of the movie. 
NOT PART OF INVENTION: 

800. internet. 

802. customers. 

804. internet protocol (IP) packet. 

808. world wide web (WWW) graphics intense portion of the internet. 

812. digital versatile disks (DVD's) (DVD, DVD-RW (R), DVD+RW (R)). 

816. compact disks (CD's) (CD, CD-R (R), CD-RW (R)). 

820. personal computers (PC's). Prior art units equipped with an 
internet connection, world wide web (WWW) browser, and media ticket 
smart card reader, and prior art drives such as compact disk record 
once (CD-R), digital versatile disk read/write (DVD-RW (R), DVD+RW 
(R)), and flash solid state memory. 

824. web server computers: media distribution company office web 
server computers which distribute custom encrypted digital media 
downloaded by the internet to customers' personal computers. These 
server computers must be physically contained in US National 
Computer Security Center (NCSC) classified commercial rated C2 
facilities (physically isolated and locked, with Internet 
connections) with a layered security, highly protected inner sanctum 
for "plain-text (unencrypted)" digital master storage and conversion 
to custom "cipher-text (encrypted)" media, layered security, and 
final Internet layer firewall protection. 

840. crypto micro-processor/micro-controller (C-uP's): 

844. embedded micro-controller (single chip micro-processor with 
built-in bus interface (I/O), timing circuitry or counter timer 
circuitry (CTC), DRAM refresh and addressing circuitry, and direct 
memory access (DMA) circuitry), 

848. intermetallic layer wire mesh with impedance monitoring for use 
as an anti-tamper device which will erase the cryptographic memory, 

852. micro-controller bus, 

856. a small amount of DRAM (temporary data store), or static RAM 
(SRAM), 

860. a small amount of EEPROM (permanent program store), 

864. cryptographic memory or tamper resistant non-volatile 
electrically erasable programmable read only memory (TNV-EEPROM) 
for permanent cryptographic program store and cryptographic data 
store. 
880. (media ticket) smart cards: 
crypto-micro-controller (840), 

884. calculator battery, 

888. male card edge metallic contact with power pin (for re-charging 
the battery). 

900. (media ticket) smart card readers: 

904. universal serial bus interface (to a personal computer), 

908. female card edge contact reader, possibly with a cryptographic 
micro-processor (840) for pass-thru encryption (not needed if data 
is already family key encrypted). 

920. high security operating systems (HS-OS's). These are 
high-security operating systems which execute upon non-crypto CPU's. 
These must be physically contained in US National Computer Security 
Center (NCSC) classified high security (COMSEC) rated C3 or 
commercial restricted access facilities, e.g. world wide web server 
computers with firewall protections. 

924. local area networks (LAN's). 

928. wide area networks (WAN's). 

932. cryptographic digital signal processors (C-DSP's), patent 
pending [REF 500], consisting of a single chip solution of combined 
analog and digital silicon library (silicon compiler) units of: 

936. a full custom digital signal processing (DSP) unit which can be 
supplemented with silicon compiler hardware circuitry for 
Reed-Solomon (RS) parity decoding for transmission line errors, with 
hardware circuitry for IBM's patented Data Encryption Standard (DES) 
decryption only in "canned data" use for conversion of "cipher-text" 
streaming media into "plain text," and with silicon compiler 
circuitry for doing MPEG X de-compression (1/2 CODEC) for high data 
rate "canned data." The prior art DSP unit itself is mostly used for 
byte shuffling around the "back-side DSP bus" and also for custom 
firmware digital signal processing (DSP) such as artificial digital 
signal degradation algorithms (data lost can never be re-gained by 
hackers). 
940. an inter-function on-chip back-side input/output (I/O) bus, 

942. a first in first out buffer (FIFO) with an I/O port latched 
access on the I/O bus 

943. to the front-side memory/data bus, 

944. controller circuitry such as a bus interface unit (BIU), 
counter timer circuitry (CTC), memory access (RAS/CAS) and refresh 
strobe logic, direct memory access (DMA) circuitry, interrupt 
controllers, etc., 

948. static RAM (SRAM) or dynamic RAM (DRAM) for temporary data 
store, 

952. cryptographic memory which can be tamper resistant non-volatile 
electrically erasable programmable read-only memory (TNV-EEPROM) for 
non-volatile cryptographic program store and cryptographic data 
store, 

960. an around-the-chip metal deposition layer mask for tamper 
detection using impedance measuring which will erase the 
cryptographic memory upon tamper detection, 

964. built-in block oriented error detection and correction 
circuitry such as Reed-Solomon (RS) parity coding (very important 
for block oriented decryption modes which use block chaining, which 
can also chain errors across a message), 

968. secret key hardware decryption only (executed before 
decompression to undo things in the proper order) which can be Data 
Encryption Standard (DES) in several modes such as Triple DES, block 
cipher modes of electronic codebook (ECB) and cipher block chaining 
(CBC), and also stream cipher modes of cipher feed-back (CFB) and 
output feed-back (OFB), 

972. a MPEG X one-half video CODEC of decompression only, 

976. RAM digital to analog converters (RAMDAC's) with optional 
artificial digital signal degradation units (anti-piracy technique) 
to produce modulated digital red, green, blue (modulated digital RGB) 
output for a digital monitor, or else analog output for existing 
analog audio/video televisions such as NTSC (US and Japan), PAL (UK 
and colonies), or SECAM (France and colonies). 

980. analog video line amplifiers, 

984. a MPEG X one-half audio CODEC of decompression only to various 
audio formats such as digital 2-channel stereo, digital theater type 
5.1 speaker sound (e.g. Dolby surround sound (formerly codenamed 
AC3), e.g. generic 6 channel theatre sound of: 1 woofer, and 5 
tweeters, plus mid-range, plus high bass), or even full commercial 
theater 30 channel sound, 

988. audio digital to analog converters (DAC's) with optional 
artificial digital signal degradation units (anti-piracy technique) 
to produce analog sound for loud-speakers, 

992. analog audio line amplifiers, 

993. (optional) n-dimensional digital timing and digital signal 
outputs such as for seat vibration effects, olfactory unit effects, 
automatic theater drapery controls, automatic theater lighting 
controls, timing cues for local advertising inserts during 
intermissions, etc., 

1000. internal cryptographic media players, future patent pending 
[REF 508], with embedded custom cryptographic digital signal 
processor units (932) [REF 500], 

e.g. cryptographic PCI bus audio cards, 

e.g. cryptographic PCI bus video cards, 

e.g. cryptographic AGP port video cards, 

the personal computer (PC) must have a media ticket smart card 
reader and computer keyboard, 

1004. external cryptographic audio/video media players, future 
patent pending [REF 508], with built-in cryptographic digital signal 
processor units (932): 

e.g. cryptographic digital versatile disk read/write players 
(C-DVD-RW, C-DVD+RW), 

e.g. cryptographic compact disk record once players (C-CD-R), 

1008. has a built-in media ticket smart card reader, 

1012. has a built-in toggle field with liquid crystal display (LCD) 
for up to 10 alpha-numeric characters for passphrase/passcode entry 
and also, 

1016. has built-in toggle up/down and right/left control buttons, 

1020. (future option) has a built-in bio-identification unit such as 
a digital fingerprint reader. 

1040. external cryptographic audio media players, future patent 
pending [REF 508], with built-in cryptographic digital signal 
processor units (932): 

e.g. cryptographic moving picture experts group compression standard 
I audio layer 3 (MP3) players (audio only), or else the use of the 
newer Advanced Audio Coding (AAC) standard, which replaces MP3's 
hybrid filter bank with a pure modified discrete cosine transform 
(MDCT), 

e.g. future versions of moving picture experts group compression 
standard I audio layer 3 (MP3) players (audio only), 

e.g. future versions of audio compression level 3 (AC3) (R) players 
(audio only) (this is a Dolby Labs (R) standard called Dolby Digital 
Sound (R) for various format recorded digitally compressed n-channel 
digital audio, digitally decompressed from 2-channel to 5.1-channel 
output) for home use only, 

1044. has a built-in media ticket smart card reader, 

1048. has a built-in toggle field with liquid crystal display (LCD) 
for up to 10 alpha-numeric characters, 

1052. has built-in toggle up/down and toggle right/left control 
buttons, 

1056. (future option) has a built-in bio-identification unit such as 
a fingerprint reader to read digital fingerprints. 

1060. external cryptographic electronic book, electronic newspaper, 
video only media players, future patent pending [REF 508], with a 
built-in cryptographic digital signal processor unit (932): 

e.g. cryptographic digital versatile disk read/write players 
(DVD-RW, DVD+RW), 

e.g. cryptographic compact disk record once players (CD-R), 

has a built-in media ticket smart card reader, 

1064. has a built-in toggle field with liquid crystal display (LCD) 
for up to 10 alpha-numeric characters, 

1068. has built-in toggle up/down and toggle right/left control 
buttons, 

1072. (future option) has a built-in bio-identification unit such as 
a digital fingerprint reader. 

1200. digital television monitors (like a computer monitor) taking 
modulated digital red, green, blue (RGB) signals which need a set-top 
box converter. A digital television has a built-in set-top box for 
some type of digital audio/video input signal. 
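Items 964 and 968 above place Reed-Solomon error correction ahead of the secret key decryptor because a chaining mode spreads a transmission error beyond the block in which it lands, and because the decryptor must run before the MPEG decompressor. The Python script below is added here as an illustration; it is not part of the application or of the C-DSP hardware it describes. It substitutes a small 64-bit keyed Feistel network built from HMAC-SHA256 for the DES hardware the list names (the Python standard library has no DES), implements the CBC and OFB modes of item 968 over it, flips a single ciphertext bit, and counts how many plaintext bits each block loses after decryption. The key, IV, and payload bytes are constructed for the example.

```python
import hashlib
import hmac

BLOCK = 8     # 64-bit block, the same block size as DES
ROUNDS = 8

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed PRF output truncated to one 32-bit half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Toy 64-bit Feistel cipher standing in for DES (illustration only, not DES).
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return right + left          # final swap lets decryption walk the rounds in reverse

def block_decrypt(key: bytes, block: bytes) -> bytes:
    right, left = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Each plaintext block depends on its own ciphertext block and the previous one.
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        c = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def ofb_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # OFB keystream depends only on key and IV; the same call encrypts and decrypts.
    out, state = [], iv
    for i in range(0, len(data), BLOCK):
        state = block_encrypt(key, state)
        out.append(_xor(data[i:i + BLOCK], state))
    return b"".join(out)

def flip_bit(data: bytes, bit_index: int) -> bytes:
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def damaged_bits_per_block(expected: bytes, actual: bytes) -> list:
    return [sum(bin(x ^ y).count("1") for x, y in zip(expected[i:i + BLOCK], actual[i:i + BLOCK]))
            for i in range(0, len(expected), BLOCK)]

# Constructed sample values for the demonstration (not real system keys or media).
KEY = b"FaK-F-example-key"
IV = bytes(range(BLOCK))
PAYLOAD = b"MEDIA-TICKET-STREAM-PAYLOAD-0000"   # 32 bytes = 4 blocks

def roundtrip_ok(mode: str) -> bool:
    if mode == "CBC":
        return cbc_decrypt(KEY, IV, cbc_encrypt(KEY, IV, PAYLOAD)) == PAYLOAD
    return ofb_crypt(KEY, IV, ofb_crypt(KEY, IV, PAYLOAD)) == PAYLOAD

def error_propagation(mode: str, hit_block: int = 1) -> list:
    """Flip one ciphertext bit inside `hit_block`; return damaged plaintext bits per block."""
    bit = hit_block * BLOCK * 8 + 3
    if mode == "CBC":
        garbled = cbc_decrypt(KEY, IV, flip_bit(cbc_encrypt(KEY, IV, PAYLOAD), bit))
    elif mode == "OFB":
        garbled = ofb_crypt(KEY, IV, flip_bit(ofb_crypt(KEY, IV, PAYLOAD), bit))
    else:
        raise ValueError("mode must be CBC or OFB")
    return damaged_bits_per_block(PAYLOAD, garbled)

if __name__ == "__main__":
    for mode in ("CBC", "OFB"):
        print(mode, "damaged plaintext bits per block:", error_propagation(mode))
```

Run as a script, the CBC case shows block 0 intact, block 1 (the block that was hit) roughly half garbled, block 2 with exactly one wrong bit, and block 3 intact: the error chains into the next block and then stops, which is what item 964 warns about. OFB shows exactly one wrong bit in the hit block and nothing else. Both modes lose synchronisation entirely if a bit is dropped or inserted rather than flipped, so the block-oriented Reed-Solomon decoder must restore block alignment as well as bit values before the decryptor sees the stream.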
DETAILED DESCRIPTION OF INVENTION - Detailed Description of Drawings - 
Preferred Embodiment: 

Fig. 1 is a pyramid showing the layered design of the full proposed 
cryptographic system and where the media ticket smart card and custom 
digital media distribution public key cryptography architecture is 
suggested as an embodiment. 

Fig. 2 is a circuit block diagram of a prior art cryptographic 
microprocessor unit found in a prior art smart card. 

Fig. 3 is a circuit block diagram of a prior art media ticket smart 
card (212). This is used for secret key and private key secure 
containment and physical transportation. 

Fig. 4 is a circuit block diagram of a prior art media ticket smart 
card reader attached to a personal computer. 

Fig. 5 is a circuit block diagram of a cryptographic digital signal 
processor (C-DSP) (932) [REF 500]. This is used for doing hybrid key 
cryptography, which is both public key cryptography and fast hardware 
based secret key cryptography, inside of a digital signal processor 
processing digital signals in a cryptographically secure environment. 

Fig. 6 is a circuit block diagram of a cryptographic media player 
[REF 508] with a built-in media ticket smart card reader. 

Fig. 7 is a unit block diagram of the 1st alternative embodiment of a 
universal input cryptographic set-top box for encrypted or "cipher 
text" high definition television (HDTV)/standard definition television 
(SDTV) signals coming "over the airwaves", by cable system, by phone 
system, by satellite, or by IEEE 802.11c wireless Ethernet connections. 

Fig. 8 is a circuit block diagram of the 1st alternative embodiment 
of a universal input cryptographic set-top box for encrypted or "cipher 
text" high definition television (HDTV)/standard definition television 
(SDTV) signals coming "over the airwaves", by cable system, by phone 
system, by satellite, or by IEEE 802.11c wireless Ethernet connections. 

Fig. 9 is a circuit block diagram of the 2nd alternative embodiment 
of a cryptographic micro mirror module (MMM) commercial movie theater 
system. 
DETAILED DESCRIPTION OF INVENTION - Operation of Invention - Preferred 
Embodiment 

Fig. 1 is a pyramid showing the layered design of the proposed new 
type of cryptographic system and where the media ticket smart card 
and custom digital media distribution cryptography architecture is 
suggested as an embodiment. 
Definition of trusted ("black") hardware. 

Cryptographic keys can only be held in trusted hardware which is 
equipped with tamper resistant non-volatile electrically erasable 
programmable read only memory (TNV-EEPROM). This is prior art tamper 
detect and tamper erase memory using a metal interconnect to detect 
pin port probers through impedance monitoring which is integrated 
with prior art integrated circuitry. 

Cryptographic keys, even in secret key encrypted form mixed with 
random noise called "salt", should absolutely never be held in any 
non-cryptographic memory such as prior art computer hard disks for 
permanent storage! 

Non-cryptographic permanent memory examples are ordinary prior art 
hard disk drives, compact disk record once drives, digital versatile 
disk read/write drives, or flash (bank programmable) types of solid 
state memory card drives. 

Unencrypted digital masters represent multi-million dollar sources 
of piracy revenue and are considered a media distribution company's 
jealously guarded crown jewels. The compromising of cryptographic 
keys will release multi-million dollar digital masters of hit movies 
and hit music to the illegal pirate or bootleg video and music 
industry. Record company promotional pre-releases of music and movie 
company first release movie masters are routinely copied by illegal 
copyright pirates even before the first commercial releases to the 
public! 

The media distribution company's secure world wide web server is 
assumed to be secure and trusted, being physically guarded at the media 
distribution company's central office building and also with internet 
gateway firewall protection. Various Web security domains can exist 
within the same physically secured office with different levels of 
controlled physical access. Web server security levels are, from 
highest to lowest: 

A). For highest security, the web server may be an isolated 
server with no or extremely restricted local area network office 
connections which holds no unencrypted digital media masters, 
only encrypted digital media masters. Footprint downloads or 
data transfer must occur from the ordinary office local area 
network using hand carried removable hard disk drives and 
streaming tape cassettes. 

B). For the medium security server, the web server may be a 
proxy server (network protocol isolation server) or have local 
area network protocol isolation with the rest of the office. No 
other office phone lines or modem connections or Wide Area 
Network lines should be allowed, to avoid points of hacker entry. 
Only the single World Wide Web Internet server line to the 
outside world should exist. The server should have a firewall 
for protection from the outside world. 

C). For the lowest security server, the web server has a local 
area network connection to the office. Absolutely no outside 
phone lines or modem connections or Wide Area Network lines are 
allowed. Only the single World Wide Web Internet server line to 
the outside world should exist. The server should have a 
firewall for protection from the outside world. 

The only secure tamper resistant non-volatile electrically erasable 
programmable read only memory (TNV-EEPROM), or shortened to secure 
cryptographic memory, available in this system is: 

A). in the media ticket smart card, 

B). in the cryptographic media player [REF 508], or more 
specifically inside of its cryptographic digital signal processor 
integrated circuit chip (e.g. crypto-MP3 player). 

Definition of untrusted ("red") hardware. 

The internet is untrusted hardware. 

Any non-cryptographic memory is untrusted hardware. 

Any non-cryptographic memory devices are untrusted hardware. 
Any wiretappable buses are untrusted hardware. 

Pass-thru encryption of cryptographic keys using family keys upon 
unencrypted data, always combined with sequence numbers or time stamps 
(if a clock is available upon both sides) to prevent recorded replay 
attacks, must be done over all untrusted ("red") hardware and buses. 
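The pass-thru rule above combines three things: a family key shared by the two trusted endpoints, a sequence number or time stamp bound into every message, and a receiver that refuses anything it has already seen. The Python below is an added illustration of that exchange and is not part of the application. It models the media ticket smart card as the sender and the C-DSP inside the player as the receiver, with an untrusted bus between them. Because the Python standard library has no DES, confidentiality comes from HMAC-SHA256 run in counter mode and integrity from a second HMAC, both derived from one family key; the class names, label strings, and the key bytes are assumptions of the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag
SEQ_LEN = 8    # 64-bit big-endian sequence number

def _derive(family_key: bytes, label: bytes) -> bytes:
    # Separate confidentiality and integrity keys from the single family key FaK-F.
    return hmac.new(family_key, label, hashlib.sha256).digest()

def _keystream(enc_key: bytes, header: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode, keyed per message by the sequence header so the
    # keystream is never reused. Stand-in for the DES hardware named in the text.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, header + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class PassThruSender:
    """Trusted side (e.g. the media ticket smart card) wrapping key material for transit."""
    def __init__(self, family_key: bytes, start_seq: int = 0):
        self.enc_key = _derive(family_key, b"pass-thru-encrypt")
        self.mac_key = _derive(family_key, b"pass-thru-mac")
        self.seq = start_seq

    def wrap(self, key_material: bytes) -> bytes:
        self.seq += 1                                  # strictly increasing, never reused
        header = struct.pack(">Q", self.seq)
        body = _xor(key_material, _keystream(self.enc_key, header, len(key_material)))
        tag = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        return header + body + tag

class PassThruReceiver:
    """Trusted side (e.g. the C-DSP in the player) unwrapping and rejecting replays."""
    def __init__(self, family_key: bytes):
        self.enc_key = _derive(family_key, b"pass-thru-encrypt")
        self.mac_key = _derive(family_key, b"pass-thru-mac")
        self.last_seq = 0        # must itself live in tamper-resistant memory (see note)

    def unwrap(self, msg: bytes) -> bytes:
        if len(msg) < SEQ_LEN + TAG_LEN:
            raise ValueError("truncated message")
        header, body, tag = msg[:SEQ_LEN], msg[SEQ_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.mac_key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # authenticate before trusting the header
            raise ValueError("integrity check failed")
        seq = struct.unpack(">Q", header)[0]
        if seq <= self.last_seq:                       # a recording being played back
            raise ValueError("replay detected: seq %d <= %d" % (seq, self.last_seq))
        self.last_seq = seq
        return _xor(body, _keystream(self.enc_key, header, len(body)))

def _rejected(receiver: PassThruReceiver, msg: bytes) -> bool:
    try:
        receiver.unwrap(msg)
        return False
    except ValueError:
        return True

def run_exchange() -> dict:
    """Constructed exchange over an untrusted bus: one honest transfer, then three attacks."""
    family_key = b"FaK-F-constructed-example"          # constructed, not a real family key
    session_key = bytes(range(16))                     # constructed key material in transit
    card, player = PassThruSender(family_key), PassThruReceiver(family_key)
    msg1 = card.wrap(session_key)
    results = {"honest_transfer": player.unwrap(msg1) == session_key}
    results["replay_rejected"] = _rejected(player, msg1)          # recorded and replayed
    msg2 = card.wrap(session_key)
    tampered = bytearray(msg2)
    tampered[SEQ_LEN] ^= 0x01                                      # one flipped body bit
    results["tamper_rejected"] = _rejected(player, bytes(tampered))
    results["fresh_transfer_after_attacks"] = player.unwrap(msg2) == session_key
    spliced = msg1[:SEQ_LEN] + msg2[SEQ_LEN:]                     # old header on new body
    results["spliced_header_rejected"] = _rejected(player, spliced)
    return results

if __name__ == "__main__":
    for name, ok in run_exchange().items():
        print("%-30s %s" % (name, "OK" if ok else "FAIL"))
```

Two points the code makes that the paragraph only implies. First, the tag is checked before the sequence number is read, so an attacker cannot learn the receiver's counter by probing with forged headers. Second, the receiver's `last_seq` is only as trustworthy as the memory it sits in: if it were kept in ordinary non-cryptographic memory, an attacker could roll it back and replay at will, which is why this counter belongs in the same TNV-EEPROM the text reserves for keys. The time stamp variant has the matching requirement that both endpoints hold a clock the attacker cannot set.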

Any secure sockets layer (SSL) internet connection is considered to 
be untrusted hardware! 

It is definitely not secure enough for transporting cryptographic 
keys which could be used by pirates to illegally access the clear- 
text (unencrypted) digital masters of multi-million dollar, 
commercial digital media such as hit movies, hit music, electronic 
newspapers, and popular electronic format books. This is because a 
fully automated hacker personal computer program which can be 
remotely planted by a virus will automatically extract secure sockets 
layer private keys and secret keys from hard disks. Such a hacker 
program will eventually be produced by hackers if indeed it does not 
already exist, because there are no technological barriers to stop the 
hacker. The hackers will use assembly code disassembly and logic 
analyzers to reverse engineer the assembly code location and the secret 
key encryption algorithm which mixes the private key and secret key 
with random noise called "salt" and permanently stores the private 
key and secret keys on hard disk. 

A hacker program will be made to automatically retrieve the secret 
key encrypted private key and secret keys on hard disk and then 
randomly try to brute force crack the correct key sequence. 

Alternately, a simple keyboard capture buffer remotely planted by a 
virus can retrieve the keyboard entered customer password and also 
find out the operating system secret key used to encrypt the private 
key stored on hard disk for permanent storage. 
(NOTE TO PATENT EXAMINER: THIS CUT AND PASTE SECTION OF AMEND A, 
DATED 12/2007, IS NOT 'NEW TECHNICAL MATERIAL' OF AMEND A, BUT SIMPLY 
VERBATIM MATERIAL OF THE ORIGINAL USPTO DPP (DPP SERIAL NUMBER: 
510,730, DATED: 5/1/2002), AND USPTO PPA (PPA NUMBER: 60/441,189, 
PPA DATED: 1/21/2003), SUBSEQUENTLY 'EDITED OUT' BY THE USPTO OFFICE OF 
INITIAL PATENT EXAMINER'S (USPTO PIPE) FOR REASONS OF PRODUCING 
BREVITY, AND FOR THIS AMENDMENT A, THE PRESENT APPLICANT HAS SIMPLY RE- 
INSERTED THIS SECTION.) 

Media Ticket Smart Card System Authority and 
Vendor Factory Pre-Distribution Activities 

Factory distribution of cryptographic keys (before any internet based 
media distribution). 

The media ticket smart card system authority, party S, has a division 
of powers into three components to keep the potential access to plain 
text digital masters restricted to the originating digital media 
distribution company (its crown jewels worth multi-millions of 
dollars): 

A). public key generating authority (PuKGA), party G: has knowledge 
of whole private keys and whole family keys, but no knowledge of 
customer identifications of any kind, 

B). public key distribution authority (PuKDA), party D: has 
knowledge of customer identifications of the kind registered by 
customers through retail store forms, web registration, and mail-back 
postcards, but no knowledge of whole private keys and whole family 
keys. 

C). public key escrow authorities (PuKEA), parties En (a minimum of 
parties E1 and E2 for cryptographic keys split into a front-half and 
a back-half): 

party E1 has only half of private keys, half of family keys, half of 
secret keys. 

party E2 has the other halves. 

party E1 and party E2 have no customer identification information of 
any kind. 
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Central Public Key Generation .Authority 

(PuKGA} - Party 6 

The media ticket smart card system authority, party S, has a 
dedicated function of a public key generation authority, party G: 

which has knowledge of whole cryptographic keys, but/ no 
knowledge of customer identities or vendor identities!!?!!! 

A) • Input to PuKGA: 

None. 

B) - Processing by PuKGA: 

1) . Party G generates from true random noise: the system family key 
(FaK-F5 which is a family key (common secret key (SeK-F) ) , FaK-F, 
where party F is the common family, which is given to the public key 
distribution authority, party D, for eventual pre-factory 
distribution to trusted media distribution companies, party Vn. 

2). Party G generates an initialization vector (IV) used as a 
secret key seed (SeK-D) given only to: 

a). the public key generation authority (C-PuKGA), party G, 

b). the public key distribution authority (C-PuKDA), party D. 

The top secret initialization vector (IV) is used as the seed for a 
message authentication cipher (MAC). A message authentication 
cipher (MAC) is a message digest cipher (MDC) using a secret seed 
which restricts its use to classified parties. A message digest 
cipher (MDC) is a one-way hash code which in example inputs a 512-
bit cipher block of data and produces a fixed bit output uniquely 
representing the data such as a 128-bit pseudorandom output. A 
message authentication cipher (MAC) code (MAC code) is a fixed bit 
output such as 128 bits uniquely representing some digital data 
which only the holders of the initialization vector (IV) can 
produce. 

3). The initialization vector (IV) is distributed by the party G 
only to the central public key distribution authority (C-PuKDA), 
party D, who will use it to keep the customer index number (CIN) top 
secret to stop its use to link cryptographic keys to owners (just as 
social security numbers should be kept citizen secret). Instead of a 
customer index number (CIN), a message authentication cipher code 
(MAC code) of the customer index number (CIN) is made public, called 
the MAC(CIN). 

[NOTE TO PATENT EXAMINER: NOT IN ORIGINAL USPTO DPP or USPTO 
PPA technical material and not an obvious mistake, but, added 
for clarification.] 

NOTE: Making public a unique MAC(CIN) while keeping the CIN as a 
private value is the opposite use of a public CIN and a private 
MAC(CIN), as used in many prior art cryptography split key escrow 
systems (e.g. the US Federal NIST Clipper chip/Capstone program's 
split key escrow scheme). While the previous split key escrow 
programs desired a single, central key, the initialization vector 
(IV) value for their given MAC, known only to the split key escrow 
party En, to centrally decode all public CIN values to their private 
MAC(CIN) values, used by the common split key escrow party En for 
split key indexing and split key combination, the present inventor 
desires an eventual no central keys rule and hence the reverse sense 
of private and public variables. 

4). The public key generation authority, party G, pre-factory 
prepares media ticket smart cards: 

a). The public key generation authority, party G, pre-factory 
deposits a family key, FaK-F, copy into every blank media ticket 
smart card before they are given to the public key distribution 
authority, party D, for eventual physical distribution to trusted 
media distribution companies, parties Vn, who in turn will factory 
distribute them to customers at retail stores and in the certified 
mail. 

b). The party G will generate an incremented customer index 
number (CIN) which is kept top secret. 

c). The party G will compute a message authentication cipher 
(MAC) of the customer index number (CIN) called the MAC(CIN) which 
is used as a public customer identification number. 

d). Party G pre-factory generates public key/private key pairs 
with the private key always being kept top secret and the public 
key as public information, 

{PrK-A, PuK-A}, 

{PrK-B, PuK-B}, 

etc. 

for all customers, party A, party B, etc. and assigns them one by 
one to customers of unknown identity: 

{CIN, MAC(CIN), PrK-A, PuK-A}, 

{CIN, MAC(CIN), PrK-B, PuK-B}, 

etc. 

e). Party G pre-factory embeds into media ticket smart card A, 
the values of: 

G-FaK-F 

{ , MAC(CIN), PrK-A, PuK-A} 

and into media ticket smart card B, the values of: 

G-FaK-F 

{ , MAC(CIN), PrK-B, PuK-B} 

etc. 

and imprints on the smart card exterior the public customer 
identification number, MAC(CIN), for identification, since, the 
central public key distribution authority (C-PuKDA), party D will 
have no access to the public keys or private keys inside. 

Access to the private key field of the media ticket smart cards 
will be done through an access code (e.g. passphrase/passcode, or 
password with vowels substituted by pseudo-random noise) which 
initial access code must be denied the Central Public Key 
Distribution Authority (C-PuKDA), party D, who can have no knowledge 
of private keys. Therefore, the initial access code is stored inside 
of a party G database given to a public key access code authority 
(PuKAC) who will later contact the customer with the initial access 
code: 

{ 

{ , MAC(CIN), , PuK-A, initial access code}, 

{ , MAC(CIN), , PuK-B, initial access code}, 

etc. 

} 

f). Party G gives the media ticket smart cards to the party D who 
in turn will give them to authorized media distribution companies, 
parties Vn, for eventual sale to customers. 

h). The party G gives a customer public key database without 
private keys to the central public key distribution authority (C-
PuKDA), party D, for eventual publishing on the world wide web (WWW): 

{CIN, MAC(CIN), , PuK-A}, 

{CIN, MAC(CIN), , PuK-B}, 

etc. 

The party D will make all public keys without private keys or 
customer index number (CIN) publicly available over a media ticket 
smart card system authority internet web server using digital 
certificate standards (e.g. International Telegraphy Union's (ITU's) 
X.509 standard). 

{ , MAC(CIN), , PuK-A, customer name, etc.}, 

{ , MAC(CIN), , PuK-B, customer name, etc.}. 

This new method does not trust other public key systems already in 
use!!!!!!!!! Existing public key systems such as secure sockets 
layer (SSL) based public keys are not hacker safe and may be 
compromised which would give away multi-million dollar in value 
commercial digital masters for music and movies!!!!!! 

i). The public key generation authority, party G, may destroy the 
private keys after smart card depositing for absolute privacy. The 
private keys are kept top secret. 

j). Optionally the party G may use a central public key escrow 
authority (C-PuKEA), parties En, with a minimum of two escrow parties 
to hold the front half and the back half of split cryptographic keys, 
to hold split cryptographic keys. 

{ , MAC(CIN), key split PrK-A, PuK-A}, 

{ , MAC(CIN), key split PrK-B, PuK-B}, 

etc. 

5). The public key generation authority (C-PuKGA), party G, pre-
factory prepares the cryptographic digital signal processors (C-DSP) 
for transfer to the public key distribution authority (C-PuKDA), party 
D, for passing to the media distribution vendors, parties Vn, for 
eventual manufacturing into cryptographic media players [REF 508] for 
customer sale. 

a). Party G pre-factory prepares the cryptographic digital signal 
processing (C-DSP) integrated circuits eventually used inside of the 
cryptographic media players [REF 508] by hardware manufacturers. 

b). Party G must pre-factory install cryptographic keys into the 
tamper resistant non-volatile electrically erasable programmable read 
only memory (TNV-EEPROM) of the cryptographic digital signal 
processing (C-DSP) integrated circuits (IC's). 

A cryptographic digital signal processing unit (C-DSP) includes: 

cryptographic memory for crypto keys and crypto algorithms, 

hardware session key (1-time secret keys) decryption circuits with 
hardware block error detection and correction, 

MPEG X digital decompression circuits (in players only a digital 
MPEG X de-compression only device called a 1/2 CODEC with the 
compression part missing), 

digital audio/video signal processing circuits, 

digital artificial signal degradation circuitry, 

analog audio/video or analog signal processing circuits with 
line amplifiers for output to loudspeakers, 

digital video signal modulation to analog for modulated digital 
output to computer monitor displays (e.g. SVGA monitors, UXGA 
monitors, etc.) 

c). Party G installs the media ticket smart card system authority 
system family key, called party F, FaK-F into the cryptographic 
digital signal processors (C-DSP's). 

d). Party G generates a top secret vendor index number (VIN) for 
all media distribution vendors, parties Vn. Party G also generates 
a public vendor identification number using a message authentication 
cipher of vendor index number (MAC(VIN)). 

e). Party G generates vendor private key/public key pairs: 

{VIN, MAC(VIN), PrK-Vn, PuK-Vn}, 

{VIN, MAC(VIN), PrK-Vn, PuK-Vn}, 

etc. 

The whole set of unique vendor private keys, PrK-Vn, and public 
keys, PuK-Vn, indexed by vendor identification number (MAC(VIN)) will 
be embedded into each and every cryptographic digital signal 
processor for eventual use in cryptographic media players which are 
isolated in network use although a local "red" communications channel 
with a customer inserted media ticket smart card is supported: 

{ , MAC(VIN), PrK-Vn, PuK-Vn}, 

{ , MAC(VIN), PrK-Vn, PuK-Vn}, 

etc. 

f). Party G will distribute to the central public key distribution 
authority (C-PuKDA), party D: 

{VIN, MAC(VIN), , PuK-Vn}, 

{VIN, MAC(VIN), , PuK-Vn}, 

etc. 

Party D will distribute to each vendor, party Vn, only his own 
public key data including his own top secret vendor private key, PrK-
Vn: 

{VIN, MAC(VIN), PrK-Vn, PuK-Vn} 

g). The public key generation authority, party G, may destroy the 
vendor private keys, PrK-Vn, after cryptographic digital signal 
processor depositing for absolute privacy. The private keys are kept 
top secret to each vendor. 

h). Optionally the party G may use a central public key escrow 
authority (C-PuKEA), parties En, with a minimum of two escrow parties 
to hold the front half and the back half of split cryptographic keys, 
to hold split cryptographic keys. 

{ , MAC(VIN), key split PrK-Vn, PuK-Vn}, 

{ , MAC(VIN), key split PrK-Vn, PuK-Vn}, 

etc. 

6). Party G will also generate unique to each media distribution 
vendor, party Vn, a unique vendor secret key, SeK-Vn. Party G will 
give this vendor secret key to the central public key distribution 
authority for eventual distribution to each media distribution vendor 
of only his own top secret vendor private key which protects his own 
digital media masters. 

{VIN, MAC(VIN), , SeK-Vn}, 

{VIN, MAC(VIN), , SeK-Vn}, 

etc. 

7). Party G will embed the whole set of unique vendor secret keys, 
SeK-Vn, indexed by vendor identification number (MAC(VIN)) into each 
and every cryptographic digital signal processor (C-DSP) for eventual 
manufacturing into cryptographic media players. 

{VIN, MAC(VIN), , SeK-Vn}, 

{VIN, MAC(VIN), , SeK-Vn}, 

etc. 

8). The public key generation authority, party G, may destroy the 
vendor secret keys, SeK-Vn, after cryptographic digital signal 
processor depositing for absolute privacy. The private keys are kept 
top secret. 

9). Optionally the party G may use a central public key escrow 
authority (C-PuKEA), parties En, with a minimum of two escrow parties 
to hold the front half and the back half of split cryptographic keys, 
to hold split cryptographic keys. 

{ , MAC(VIN), key split SeK-Vn}, 

{ , MAC(VIN), key split SeK-Vn}, 

etc. 

10). Party G gives the programmed cryptographic digital signal 
processing integrated circuits (IC's) to the central distribution 
authority (C-PuKDA), party D, who will pass them to the media 
distribution vendors, parties Vn, for factory manufacture into 
cryptographic media players. 

11). The public key generation authority (C-PuKGA), party G, may 
deposit important split cryptographic keys with the central public key 
escrow authority (C-PuKEA), parties En: 

Optionally, the media ticket smart card system authority - public 
key generation authority function may key split the cryptographic 
keys into a front half and a back half and transfer the 
cryptographic keys to at least two separate public key escrow 
authorities. The public key escrow authority function handles the 
cases of customer lost media ticket smart cards or customer stolen 
media ticket smart cards or disputes over legal ownership of media 
ticket smart cards as in divorce cases. This key escrow function 
allows the media ticket smart card system authority to re-construct 
cryptographic data and cryptographic keys after lost or stolen media 
ticket smart cards are reported which might otherwise represent data 
permanently lost to customers. Disputed legal ownership of media 
ticket smart cards as in divorce or separation cases may also restore 
media ticket smart card contents to rightful legal owners even if the 
smart card itself is not available to a court. 

The cryptographic keys should be key split into at least a front 
half key and a back half key just like breaking it in half. The 
front half of all keys generated and issued is deposited by the media 
ticket smart card system authority with a neutral key escrow agent in 
a computer relational database. The back half of all keys generated 
and issued is deposited by the media ticket smart card system 
authority with an entirely separate neutral key escrow agent in a 
computer relational database. 

It is assumed for convenience, payment, and legal ownership that 
each customer will usually have only one registered media ticket 
smart card registered with the media ticket smart card system 
authority for all of his own personal music and movies. 
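The separation of knowledge described above (party G holds whole keys but no identities, party D holds registered identities and the IV but no whole keys, parties E1 and E2 each hold one half of every key indexed only by MAC(CIN)) as an added Python model; this is example code written for this page, not part of the patent text. It assumes HMAC-SHA256 truncated to 128 bits as the "message authentication cipher", a random 32-byte value standing in for the customer private key PrK-n, and in-memory dicts as each party's database.

```python
import hashlib
import hmac
import secrets

MAC_BITS = 128  # the text's example MAC code width


def mac_cin(iv: bytes, cin: int) -> str:
    """Public customer identification number MAC(CIN): HMAC-SHA256 of the
    customer index number keyed with the top secret IV, truncated to 128 bits.
    Holders of MAC(CIN) but not the IV cannot recover or link the CIN."""
    tag = hmac.new(iv, cin.to_bytes(8, "big"), hashlib.sha256).digest()
    return tag[: MAC_BITS // 8].hex()


def split_key(key: bytes) -> tuple[bytes, bytes]:
    """Front half / back half split, 'just like breaking it in half'.
    Caveat: each escrow party learns half of the key bits, so one party's
    brute-force effort against the rest is 2**(bits/2), not 2**bits."""
    half = len(key) // 2
    return key[:half], key[half:]


class PartyG:
    """Public key generation authority: whole keys, no customer identities."""

    def __init__(self) -> None:
        self.iv = secrets.token_bytes(32)  # top secret, given only to party D
        self.next_cin = 1

    def issue_card(self):
        """Returns the card contents and the records destined for D (public
        key, no private key) and for E1 / E2 (key halves indexed by MAC(CIN))."""
        cin, self.next_cin = self.next_cin, self.next_cin + 1
        m = mac_cin(self.iv, cin)
        prk = secrets.token_bytes(32)            # assumption: stand-in for PrK-n
        puk = hashlib.sha256(prk).hexdigest()    # assumption: stand-in for PuK-n
        front, back = split_key(prk)
        card = {"FaK-F": "system family key", "MAC(CIN)": m, "PrK": prk, "PuK": puk}
        return card, (cin, m, puk), (m, front), (m, back)


class PartyD:
    """Public key distribution authority: identities and IV, no whole keys."""

    def __init__(self, iv: bytes) -> None:
        self.iv = iv
        self.by_name: dict[str, int] = {}    # registered name -> CIN (top secret)
        self.published: dict[str, str] = {}  # MAC(CIN) -> PuK (web published)

    def register(self, name: str, cin: int, m: str, puk: str) -> None:
        self.by_name[name] = cin
        self.published[m] = puk


class PartyE:
    """Key escrow authority: one half of each key, indexed by MAC(CIN) only."""

    def __init__(self) -> None:
        self.halves: dict[str, bytes] = {}

    def deposit(self, m: str, half: bytes) -> None:
        self.halves[m] = half


def recover_private_key(d: PartyD, e1: PartyE, e2: PartyE, name: str) -> bytes:
    """Lost/stolen card procedure: D maps the registered name to its CIN,
    derives MAC(CIN) with the IV and asks both escrow parties for their halves."""
    m = mac_cin(d.iv, d.by_name[name])
    return e1.halves[m] + e2.halves[m]


def provision(names):
    """Issue one card per customer and distribute the records to D, E1, E2;
    the cards are returned so a caller can compare against the real PrK."""
    g, e1, e2 = PartyG(), PartyE(), PartyE()
    d = PartyD(g.iv)
    cards = {}
    for name in names:
        card, d_rec, e1_rec, e2_rec = g.issue_card()
        d.register(name, *d_rec)
        e1.deposit(*e1_rec)
        e2.deposit(*e2_rec)
        cards[name] = card
    return d, e1, e2, cards
```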

Party E1 receives (front key split halves of): 

Customer private key pairs: 

{ 

{ , MAC(CIN), front half PrK-A, PuK-A}, 

{ , MAC(CIN), front half PrK-B, PuK-B}, 

etc. 
}. 

Vendor private key, PrK-Vn, pairs: 

{ 

{ , MAC(VIN), front half PrK-Vn}, 

{ , MAC(VIN), front half PrK-Vn}, 

etc. 
} 

Vendor unique secret key, SeK-Vn, pairs: 

{ 

{ , MAC(VIN), front half SeK-Vn}, 

{ , MAC(VIN), front half SeK-Vn}, 

etc. 
} 
Party E2 receives (back key split halves of): 

Customer private key pairs: 

{ 

{ , MAC(CIN), back half PrK-A, PuK-A}, 

{ , MAC(CIN), back half PrK-B, PuK-B}, 

etc. 
} 

Vendor private key, PrK-Vn, pairs: 

{ 

{ , MAC(VIN), back half PrK-Vn}, 

{ , MAC(VIN), back half PrK-Vn}, 

etc. 
} 

Vendor unique secret key, SeK-Vn, pairs: 

{ 

{ , MAC(VIN), back half SeK-Vn}, 

{ , MAC(VIN), back half SeK-Vn}, 

etc. 
} 
Central Public Key Distribution Authority 

(C-PuKDA) - Party D 

The media ticket smart card system authority, party S, has a 
dedicated function of a central public key distribution authority (C-
PuKDA), party D: 

which has knowledge of customer identifications and vendor 
identifications, but, no knowledge of whole cryptographic 
keys!!!! 

A). Input to C-PuKDA, party D: 

1). Party D receives from the central public key generation 
authority (C-PuKGA), party G, the following: 

2). Party D receives from party G, who generates it from true random 
noise, the system family key (FaK-F), which is a common secret key 
(SeK-F) where party F is the common family, which is given to the 
public key distribution authority, party D, for eventual pre-factory 
distribution to trusted media distribution companies, party Vn. 

3). Party D receives from party G the initialization vector 
(IV). Party D will use it to keep the customer index number (CIN) 
top secret to stop its use to link cryptographic keys to owners 
(just as social security numbers should be kept citizen secret). 
Instead of a customer index number (CIN), a message authentication 
cipher code (MAC code) of the customer index number (CIN) is made 
public, called the MAC(CIN). 

4). Party D will receive from party G a customer public key 
database without private keys, given to the central public key 
distribution authority (C-PuKDA), party D, for eventual publishing 
on the world wide web (WWW) without the top secret customer index 
number (CIN): 

{CIN, MAC(CIN), , PuK-A}, 

{CIN, MAC(CIN), , PuK-B}, 

etc. 

5). Party D receives from party G the pre-factory programmed 
media ticket smart cards and in turn will give them to authorized 
media distribution companies, parties Vn, for eventual sale to 
customers. 

6). Party D receives from party G media distribution vendor 
databases: 

{VIN, MAC(VIN), , PuK-Vn}, 

{VIN, MAC(VIN), , PuK-Vn}, 

etc. 
7). Party D will distribute to each vendor, party Vn, only his 
own public key data: 

{VIN, MAC(VIN), , PuK-Vn} 

8). Party D receives from party G, who also generates unique 
to each media distribution vendor, party Vn, a unique vendor secret 
key, SeK-Vn. Party G will give this vendor secret key to the 
central public key distribution authority for eventual distribution 
to each media distribution vendor. 

{VIN, MAC(VIN), , SeK-Vn}, 

{VIN, MAC(VIN), , SeK-Vn}, 

etc. 

9). Party D receives from party G, who will embed the whole set 
of unique vendor secret keys, SeK-Vn, for every party Vn into each 
and every cryptographic digital signal processor (C-DSP) for 
eventual manufacturing into cryptographic media players. 

{VIN, MAC(VIN), , SeK-Vn}, 

{VIN, MAC(VIN), , SeK-Vn}, 

etc. 

10). Party D receives from party G the pre-factory programmed 
cryptographic digital signal processor integrated circuits and 
party D will in turn distribute the chips to the media distribution 
companies, parties Vn, for manufacturing into cryptographic media 
players and for further factory use and eventual customer 
distribution at retail stores. 



B). Processing by C-PuKDA: 

1). Party D keeps a top secret computer database record of: 

{ 
  authorized media distribution vendor index number (top 
  secret) (VIN), 

  public vendor identification number - message 
  authentication cipher (MAC) of vendor index number 
  (MAC(VIN)), 

  { , 
  MAC(CIN), 
  , 
  PuK-n, 
  eventual registered customer name 
  (by retail store registered, Web registered, or 
  registration postcard, or media distribution vendor 
  database updates) 
  } 
} 
2). Party D look-up of the customer name in this top secret database 
will give the top secret customer index number (CIN). Use of the 
message authentication cipher (MAC) seeded with the initialization 
vector (IV) upon the customer index number (CIN) will produce a 
message authentication cipher code (MAC code) which can be handed to 
the central public key escrow authorities, parties En, to retrieve 
key split cryptographic keys and family keys, and is also used to 
index the initial media ticket smart card access code database held 
by the Central Public Key Access Code Authority (C-PuKAC), party EA, 
for mailing or transmitting the initial access code to customers. 

3). Party D keeps a top secret computer database record of: 

{ 
  VIN, 
  MAC(VIN), 
  PuK-Vn, 
  vendor identification such as name, address, etc. 
} 



C). Output of C-PuKDA: 

1). Party D pre-factory distributes the media ticket smart card 
system authority system family key, FaK-F, to the media distribution 
companies, parties Vn. 

2). Party D gives the programmed cryptographic digital signal 
processing (DSP) integrated circuits to the authorized media 
distribution vendors who will factory manufacture them into 
cryptographic media players. 

3). Party D distributes to each media distribution vendor, Vn, 
his own, unique secret key (SeK-Vn). Party G has already key split 
these secret keys for deposit with the neutral key escrow parties, 
party E1 and party E2. 

4). Party D distributes to each media distribution vendor, Vn, his 
own, unique vendor private key (PrK-Vn) with a message authentication 
cipher of vendor identification number (MAC(VIN)). Party G has 
already key split these secret keys for deposit with the neutral key 
escrow parties, party E1 and E2. 

5). Party D distributes to each media distribution vendor, Vn, his 
plain text vendor identification number which consists of the message 
authentication cipher of the vendor index number (MAC(VIN)) (for 
system family key encryption and download with encrypted media to 
customers to identify the vendor). 

6). Party D publishes the customer public key database for use 
by the media distribution vendors, Vn: 

{ , MAC(CIN), , PuK-A}, 

{ , MAC(CIN), , PuK-B}, 

etc. 

7). Party D gives to the Central Public Key Access Code 
Authority (C-PuKAC), Party EA, a top secret computer database record 
to help in mailing initial access codes to customers of: 

{ 
  public media distribution vendor identification = message 
  authentication cipher (MAC) of vendor index number MAC(VIN), 

  { , 
  MAC(CIN), 
  , 
  PuK-n, 
  eventual registered customer name (retail store 
  registered, Web registered, or registration postcard) 
  } 
} 
Central Public Key Escrow Authorities 

(C-PuKEA) - Parties En 

The media ticket smart card system authority, party S, has a 
dedicated function of a central public key escrow authority (C-PuKEA), 
parties En: 

which has knowledge of split cryptographic keys, but, no 
knowledge of whole cryptographic keys, customer identifications 
and vendor identifications!!!! 

A). Input to C-PuKEA: 

1). The parties En may optionally receive from the party G (with 
a minimum of two escrow parties to hold the front half and the back 
half of split cryptographic keys, to hold split cryptographic 
keys): 

{ , MAC(CIN), key split PrK-A, PuK-A}, 

{ , MAC(CIN), key split PrK-B, PuK-B}, 

etc. 

2). The parties En may optionally receive from the party G 
(with a minimum of two escrow parties to hold the front half and 
the back half of split cryptographic keys, to hold split 
cryptographic keys): 

{ , MAC(VIN), key split PrK-Vn, PuK-Vn}, 

{ , MAC(VIN), key split PrK-Vn, PuK-Vn}, 

etc. 

3). The parties En may optionally receive from the party G 
(with a minimum of two escrow parties to hold the front half and 
the back half of split cryptographic keys, to hold split 
cryptographic keys): 

{ , MAC(VIN), key split SeK-Vn}, 

{ , MAC(VIN), key split SeK-Vn}, 

etc. 

B). Processing by C-PuKEA: 

1). An independent function of the media ticket smart card system 
authority (C-PuKEA), party S, is the central public key escrow 
authorities, parties En (a minimum of parties E1 and E2). 

2). This authority takes care of customer lost, stolen, and 
legally disputed media ticket smart cards. 

Party E1 receives (front key split halves of): 

key split media ticket smart card system family key (FaK-F), 

key split initialization vector (IV) used as a secret key 
(SeK) for the message authentication cipher (MAC) used upon the 
top secret customer index number (CIN). 

{whole message authentication cipher code of customer index 
number (MAC(CIN)), 

key split public key pair n (PuK-n, N), 

key split private key pair n (PrK-n, N)}, 

3). Party E2 receives (back key split halves of): 

key split media ticket smart card system family key (FaK-F), 

key split initialization vector (IV) used as a secret key 
(SeK) for the message authentication cipher (MAC) used upon the 
top secret customer index number (CIN). 

{public customer identification code = whole message 
authentication cipher (MAC) code of customer index number 
(MAC(CIN)), 

key split public key pair n (PuK-n, N), 

key split private key pair n (PrK-n, N)}. 
4). Customer media ticket smart cards which are lost, stolen, or 
of disputed legal ownership must be handled to preserve use of 
custom, encrypted digital media still in customer ownership. This 
is initiated by customers, party A, contacting the central public 
key distribution authority (C-PuKDA), party D, who in turn will 
contact the parties En using the public customer identification 
number or MAC(CIN) to retrieve split cryptographic customer keys. 

C). Output by C-PuKEA: 

None. 
Central Public Key Access Code Authorities 

(C-PuKAC) - Parties EAn 

The media ticket smart card system authority, party S, has a 
dedicated function of a central public key access code authority (C-
PuKAC), parties EAn: 

which has knowledge of media ticket smart card initial access 
codes and customer identifications in order to mail initial 
access codes to customers, but, has absolutely no access to 
media ticket smart cards and no knowledge of whole cryptographic 
keys!!!! 

A). Input to C-PuKAC: 

1). Party EA receives from the central public key 
generation authority (C-PuKGA), party G, the initial access code 
database: 

{ 

{ , MAC(CIN), , PuK-A, initial access code}, 

{ , MAC(CIN), , PuK-B, initial access code}, 

etc. 

} 

2). Party EA receives from the Central Public Key 
Distribution Authority (C-PuKDA), Party D, a top secret computer 
database record to help in mailing initial access codes to 
customers of: 

{ 
  authorized media distribution vendor id (VIN), 

  { , 
  public customer identification number (MAC(CIN)), 
  customer n's public key (PuK-n), 
  eventual registered customer name 
  (retail store registered, Web registered, or registration 
  postcard) 
  } 
}, 
B). Processing by C-PuKAC: 

1). The public key access code authority (PuKAC), party EA, will 
later mail in secure certified mail or transmit over secure sockets 
layer (SSL) to each customer his own initial access code. The 
initial access code gives the customer access to use of his private 
key field and does not compromise session keys or digital masters. 

C). Output by C-PuKAC: 

None. 

Authorized Media Distribution Vendors - 
Parties Vn 

The authorized media distribution vendors, parties Vn: 

which have no knowledge of whole customer cryptographic keys, 
but, have knowledge of customer identifications!!!! 

A cryptographic algebra notation implemented in the central media 
world wide web (WWW) server, party Vn (distribution), for each 
customer, party A, party B, party C, party E (reserved for key escrow 
companies), party F (reserved for the common secret family key), party 
G, party etc. is as follows: 



A). Input to Vn: 

1). Party Vn receives from the public key distribution authority 
(C-PuKDA), party D, pre-factory distributed cryptographic keys: 

a). For the distribution party, party Vn: the media ticket 
smart card used by the customer party A (unavailable to the 
customer himself in secure, tamper resistant, non-volatile, 
electrically erasable programmable read only memory (TNV-EEPROM), 
in short called cryptographic memory) has a pre-factory, party G 
installed system family key (FaK-F). 

The cryptographic media player [REF 508] has a pre-existing, 
pre-factory, party G installed system family key (FaK-F) in 
cryptographic memory. 

b). The media distribution company, Vn, has a party G, 
pre-factory distributed unique vendor secret key (SeK-Vn), stored 
in cryptographic memory. 

Any authorized cryptographic media player [REF 508] 
also receives from party G an entire set of pre-factory 
distributed unique secret keys, SeK-V1 to Vn for all vendors, 
stored in its cryptographic memory. 

c). The media distribution company, Vn, has a party G, 
pre-factory distributed unique vendor private key (PrK-Vn), stored 
in cryptographic memory. 

Any authorized cryptographic media player [REF 508] 
also receives from party G an entire set of pre-factory 
distributed unique public keys, PuK-V1 to Vn for all vendors, 
stored in its cryptographic memory. 

B). Processing by Vn: 

1). The distribution party Vn's computation in his physically 
secure, media distribution company central office: 

The following steps are done in a secure office computer 
with only a proxy server local area network connection to an 
internet server (hacker accessible) and also with no phone line 
access, to protect the unencrypted digital masters. 

a). The media distribution party, party Vn, uses his unique 
message authentication code (MAC) of vendor index number (MAC(VIN)) 
(the message authentication cipher is not known by the party Vn) as 
the public vendor identification number (MAC(VIN)) in order to 
download his public vendor identification number along with an 
incremented session id number to customers for indexing of the 
downloaded custom encrypted digital media and also cross-indexing 
with the encrypted play code with header and encrypted play count 
with header. 
b). The custom encrypted digital media is defined as: 

{ 
  vendor identification number (MAC(VIN)), 
  session id number, 
  play code (SsK-A) encrypted digital media, 
} 

c). The vendor and customer unique encrypted play code with 
header is defined as: 

{ 
  {vendor identification number (MAC(VIN)), 
  session id number, 

  customer public key (PuK-A) encrypted 
  { 
    vendor secret key (SeK-Vn) encrypted 
    {vendor digitally signed (PrK-Vn) {play code, 
    vendor sequence number, MAC(CIN)}}, 
  }, 

  customer (family key) sequence number, 
  }, 
} 
d). The play code is defined as the session key (1-time 
secret key) used to custom encrypt the digital media. 

e). The play count is defined as: 

{ 
  play count = paid for number of plays, 
  -1 for an infinite count, or 
  count of free trial plays. 
} 
f). The vendor and customer unique encrypted play count with header 
is defined as: 

{ 
  {vendor identification number (MAC(VIN)), 
  session id number, 

  customer public key (PuK-A) encrypted 
  { 
    vendor secret key (SeK-Vn) encrypted 
    {vendor digitally signed (PrK-Vn) {play count, 
    vendor sequence number}}, 

    customer (family key) sequence number, 
  } 
  } 
} 

g). The two above steps of 1stly vendor secret key (SeK-Vn) 
encryption and 2ndly customer public key (PuK-A) encryption can be 
replaced by the almost equivalent in functionality but much slower 
steps of 1stly customer public key (PuK-A) encryption and 2ndly 
vendor public key (PuK-Vn) encryption (careful not to weaken the 
vendor digital signature). This assumes that a full set of vendor 
private keys (PrK-V1 to PrK-Vn) is contained in each cryptographic 
media player as well as the vendor public keys (PuK-V1 to PuK-Vn). 
The vendor public key decryption step is much slower than the 
equivalent vendor secret key decryption step done in the 
cryptographic digital signal processor and will require revealing 
the vendor private keys to the cryptographic media player. 

h). The media distribution vendor, Vn, uses his media 
ticket smart card system authority issued system family key, FaK-F, 
to family key pass-thru encrypt the encrypted play count with 
header and the encrypted play code with header, all with sequence 
numbers to stop recorded replay attacks, for download to the 
customer, party A. 

Vn-FaK-F({encrypted play count with header}) = V. 

i) . The media distribution vendor, party Vn, electronically 
web bills the customer, party A, over the internet to the prior art 
customer personal computer A by using credit card numbers 
transacted over a secure sockets layer (SSL) non-cryptographically 
secure transaction line. 

j). Sequence numbers - The sequence numbers are needed to 
prevent recorded replay attacks on wiretapable buses of pass-thru 
encrypted signals inside of the cryptographic media player. The 
vendor sequence number can only be incremented by a party with the 
vendor secret key (SeK-Vn), customer private key (PrK-n), and 
system family key (FaK-F), who are the party G for any vendor, the 
party Vn only for his own play codes and play counts, or the 
cryptographic media player, party P, for any vendor, which player 
has a collection of all vendor secret keys (SeK-V1 to Vn) and a 
collection of all vendor private keys (PrK-V1 to Vn). It is used in 
key ownership re-assignment operations by the C-DSP. The 
cryptographic media player, party P, can also check the vendor 
digital signature, and can obtain the customer A's private key 
(PrK-A) and public key (PuK-A) from the customer's inserted media 
ticket smart card A. The customer (family key) sequence number is 
for media ticket smart card use only in loop-backed operations with 
the C-DSP. 

k). The party Vn pass-thru encrypts the vendor and customer
unique play count with header for transfer as:

system family key encrypted (Vn-FaK-F)
{
  vendor identification number (MAC(VIN)),
  session id,
  customer public key (PuK-A) encrypted {
    vendor secret key (SeK-Vn) encrypted
      {vendor digitally signed (PrK-Vn) {play count,
        vendor sequence number, MAC(CIN)}}
  },
  customer (family key) sequence number,
} = V.

which is in cryptographic algebra short-hand notation:

Vn-FaK-F(
  MAC(VIN),
  session id,
  PuK-A(
    SeK-Vn(
      PrK-Vn(play count, vendor sequence number, MAC(CIN)) ) ),
  customer (family key) sequence number,
)
l). The media distribution vendor, party Vn, uses a true
random number generator to create a play code or session key (SsK-A)
for customer, party A. The session key is database recorded by
party Vn, indexed by the public vendor identification number
(MAC(VIN)) along with the digital media title downloaded and the date
and time:

{
  vendor identification number (MAC(VIN)),
  play code or session key (SsK-A),
  customer A public key (PuK-A),
  digital media title downloaded,
  day of distribution,
  month of distribution,
  year of distribution,
  time of distribution,
}

m). The media distribution company, party Vn, digitally
signs the play code or session key (Vn-SsK-A) with its own top
secret media distribution vendor private key (PrK-Vn) (this is not
an encryption step, because any holder of the public key (PuK-Vn)
can de-scramble the session key):

Vn-PrK-Vn(Vn-SsK-A, vendor sequence number) = temp-m.

n). The media distribution company, party Vn, wishes to
keep this play code or session key (SsK-A) top secret from any
customers and from any other vendors, since revealing it would reveal
his multi-million dollar digital masters to digital media competitors.

o). Party Vn also uses his top secret, unique, secret key
(SeK-Vn) to encrypt (1st encryption) the result, temp-m, and an
incremented sequence number to prevent recorded replay hacker
attacks. A recorded replay hacker attack is one where a hacker wiretaps
open computer buses for digital recording and then simply re-
introduces the recorded value at a later time without ever decrypting it.
Pass-thru encryption of fixed values is vulnerable to recorded
replay hacker attacks.

p). Sequence Numbers - (see the Sequence numbers paragraph at
step j) above).

q). The vendor's own secret key is shared only with the key
escrow agents, parties E1 and E2, and a copy is kept in the
cryptographic media player [REF 508]:

Vn-SeK-Vn(temp-m) = temp-q.

r). The media distribution company, party Vn, can use the
play code or unique session key, SsK-A, to uniquely encrypt only
party A's digital media masters on the secure office computer, which
is inner firewall protected, before proxy server transfer to a
publicly (hacker) accessed internet (TCP/IP) protocol server or
world wide web (WWW) server:

Vn-SsK-A(digital media)

where:

Vn-SsK-A(data) means party Vn doing session key encryption
using party A's play code or session key (1-time secret key)
upon digital data.

s). The following steps can be done by using an inner
firewall and proxy server local area network (LAN) connection to
move the encrypted result X and also the uniquely encrypted digital
media masters to a world wide web (WWW) server with an outer
firewall.

2). 1-way transfer and custom session key encrypted media's unique
session key (1-time secret key), SsK-A, used only for customer party
A's digital medium. The following steps can be done by using an
inner firewall protected proxy server local area network (LAN)
connection to move the encrypted result, temp-q, and also the
uniquely encrypted digital media masters through a firewall to a
world wide web server with an outer firewall and anti-viral software
updated weekly and run daily.

a). The media distribution company, party Vn, wishes to restrict
this result X uniquely to customer A's media ticket smart card.
Party Vn encrypts (2nd encryption) the result, temp-q, with the
public key of party A (PuK-A), which only party A can decrypt with
his private key A (PrK-A) stored inside of his media ticket smart
card:

Vn-PuK-A(temp-q) = temp-s1.

b). The media distribution company, party Vn, wishes to restrict
the result, temp-s1, to trusted system parties. The media distribution
company, party Vn, uses the system family key (common secret key) to pass-
thru encrypt (3rd encryption) the result, temp-s1, with the system
family key, FaK-F, while careful not to pass-thru encrypt the result
twice, which would undo the pass-thru encryption:

Vn-FaK-F(
  MAC(VIN),
  session id number,
  temp-s1,
  customer (family key) sequence number,
) = temp-s2.

c). The summation, temp-s2, of these cryptographic
operations becomes the pass-thru encrypted play code (session key):

pass-thru encrypted vendor and customer unique play code
with header =

family key pass-thru encrypted {
  vendor identification number (MAC(VIN)),
  session id,
  customer A public key encrypted {
    vendor secret key encrypted
      {vendor digitally signed {play code,
        vendor sequence number, MAC(CIN)}}
  },
  customer (family key) sequence number,
}

or in cryptographic algebra short-hand notation is:

Vn-FaK-F(
  session id,
  PuK-A(
    Vn-SeK-Vn(
      Vn-PrK-Vn(Vn-SsK-A, vendor sequence number)) ),
  customer (family key) sequence number,
)
d). Sequence numbers - (see the Sequence numbers paragraph at
step j) above).

The notation used is:

A-SeK-B(data) means party A doing secret key encryption using
party B's secret key upon the clear text data.

SeK means a secret key
FaK means a family key (common secret key)
PuK means a public key
PrK means a private key
SsK means a session key (1-time secret key)

Party F is the family party or set of parties holding the
family key (common secret key)

e). Establishment of a media header to help retrieve data from
customer, party A's, media ticket smart card.

Unique vendor and customer play count with header (and sequence
numbers) is:

{
  vendor identification number (MAC(VIN)),
  session id number,
  customer public key (PuK-A) encrypted {
    vendor secret key (SeK-Vn) encrypted
      {vendor digitally signed (PrK-Vn)
        {play count, vendor sequence number}}
  },
  customer (family key) sequence number,
}

f). Unique vendor and customer play code with header (and sequence
numbers) is:

{
  vendor identification number (MAC(VIN)),
  session id number,
  customer public key (PuK-A) encrypted {
    vendor secret key (SeK-Vn) encrypted
      {vendor digitally signed (PrK-Vn)
        {play code, vendor sequence number}}
  },
  customer (family key) sequence number,
}

The pair is downloaded as an identification header at the start of
the custom encrypted digital media.

g). Followed by the custom encrypted digital media of:

{
  vendor identification number (MAC(VIN)),
  session id number,
  play code encrypted digital media,
  [ (Law Enforcement Access Field (LEAF) for law enforcement use
  only, using the embedded movie ticket concept):
    public key courts {public key law enforcement
      {
        appended pass-thru encrypted play code plus
        header,
        vendor private key signed message digest cipher
        (MDC)
      }
    }
  ]
}

h). Media distribution vendor, party Vn, internet world wide web
(WWW) download of the encrypted play code with header and encrypted
play count with header to the customer A's media ticket smart card A
inserted into a media ticket smart card reader attached to his
personal computer, followed by download of the custom encrypted
digital media with a legally forced appended pass-thru encrypted
play code with header, which is downloaded to the customer A's
physical digital media inserted into a drive on his personal
computer.

i). Database records for each customer A, party A:

{
  vendor identification number (MAC(VIN)),
  {
    customer identification of party A such
    as name, address, etc.,
    MAC(CIN),
    PuK-A,
    {
      date/time,
      date, month, year,
      title of digital media downloaded,
      session id number,
      customer unique play code or session key,
      paid for amount,
    },
    {
      date/time,
      date, month, year,
      title of digital media downloaded,
      session id number,
      customer unique play code or session key,
      paid for amount,
    },
    etc.
  }
}

j). Only if a media ticket smart card is directly purchased and
registered with the party Vn, a media distribution vendor database of
customer identifications must be kept and updates sent to the central
public key distribution authority (C-PuKDA), who will notify the
central public key access code authority (C-PuKAC), party EA, such
that that party can certified mail or securely electronically transmit
an initial media ticket smart card access code to the customer.

C). Output by Vn:

None.
Customers - Party A

The customers, party n, such as party A, party B, etc. (party D,
E, F, G, P, S already in use), which have knowledge of customer
identifications and vendor identifications and his own access code to a
particular media ticket smart card for toggle field entry into a
cryptographic media player in order to do "customer triangle
authentication" of point 1: customer A, to point 2: smart card A, to
point 3: trusted cryptographic player, but no knowledge of whole
cryptographic keys stored in cryptographic memory.

Unique customer A, party A, completes several actions.

A). Input of Customer A:

1). Pick up at the retail store a cryptographic media player and
a media ticket smart card, and register the media ticket smart
card indirectly with the media distribution vendor or else
directly with the central public key distribution authority (C-
PuKDA), party D, giving his customer name, customer address,
etc.

2). Receive from the central public key access code
authority (C-PuKAC), party EA, his initial access code to the
media ticket smart card, which may be changed later.

B). Processing of Customer A:

Unique customer A, party A, upon every custom encrypted digital
media download at his prior art world wide web (WWW) connected
personal computer:

1). The system family key encrypted vendor identification
number (MAC(VIN)) is downloaded to the customer A's personal
computer and to his media ticket smart card (as part of the
encrypted play code with header:

play code with header =
{
  vendor identification number (MAC(VIN)),
  session id,
  various layers of the encrypted play code with
  sequence number,
}

) to ultimately identify the media vendor to the cryptographic
media player.
2). This custom encrypted digital media data is preceded by
a media identification header:

{
  vendor identification number (MAC(VIN)),
  session id number,
  play code (session key or 1-time secret key)
  encrypted digital media,
  [ (Law Enforcement Access Field (LEAF) for law enforcement
  use only, using the embedded movie ticket concept, which
  limits the divulging of cryptographic keys in key escrow
  unless for a high security inquiry reason, always with a
  valid court order):
    public key courts {public key law enforcement
      {
        appended pass-thru encrypted play code plus
        header,
        vendor private key signed message digest cipher
        (MDC)
      }
    }
  ]
}

This custom encrypted digital media with media header is
internet world wide web downloaded by party Vn to party A's
personal computer, which transfers the encrypted digital media to
a prior art personal computer's prior art peripheral drive
containing either digital versatile disk read/write, or compact
disk record once, or FLASH memory card. The unique encrypted
session key, SsK-A, is transferred through the personal computer
media ticket smart card reader to an inserted media ticket smart
card A.

3). The encrypted physical media and the smart card are
transferred by party A to his cryptographic media player [REF 508].

Authorized Cryptographic Media Player - Party P

The authorized cryptographic media players, party P
[REF 508]:

which have knowledge in cryptographic key memory of
the system family key for pass thru encryption, all
vendor public keys, and all vendor secret keys, but no
knowledge of customers or cryptographic media.

4). A cryptographic algebra notation implemented in party A's
cryptographic media player [REF 508] having a built-in media ticket
smart card reader with party A's media ticket smart card inserted,
which plays the custom encrypted digital media using a cryptographic
digital signal processor [REF 500] as follows:

a). The custom encrypted physical digital media is installed by
customer A in his cryptographic digital media player (e.g. compact
disk record once (CD-R), digital versatile disk read/write (DVD-RW,
DVD+RW), flash bank programmable solid state memory cards (FLASH),
digital cassette tape, etc.).

b). The customer A's own media ticket smart card A is installed into the
built-in media ticket smart card reader in the cryptographic media
player.

c). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, retrieves the plain text media
header:

{
  vendor identification number (MAC(VIN)),
  session id,
  play code encrypted digital media,
  [ (Law Enforcement Access Field (LEAF) for law enforcement
  use only, using the embedded movie ticket concept):
    public key courts {public key law enforcement
      {
        appended pass-thru encrypted play code plus
        header,
        vendor private key signed message digest cipher
        (MDC)
      }
    }
  ]
}

at the start of the media.

d). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, does customer triangle
authentication to prevent use of lost or stolen media ticket smart
cards from:

point 1, customer A (passphrase/passcode customer toggled
into a built-in liquid crystal display (LCD), or else a more
expensive and advanced bio-identification such as a digital
fingerprint entered into a built-in fingerprint reader), to

point 2, media ticket smart card A (with play counts and
play codes), to

point 3, trusted cryptographic media player.

Passphrase/passcode entry is into a prior art computer keyboard or
else a toggle field device with a 1-line display such as a liquid
crystal display (LCD) on the cryptographic media player [REF 508].

e). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, checks for the correct
physical, custom encrypted media matched with the correct media
ticket smart card by doing media triangle authentication:

point 1, custom encrypted media A, to

point 2, media ticket smart card A with paid
for encrypted play codes and encrypted play counts, to

point 3, authorized cryptographic media player.

f). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, retrieves, using system family
key pass-thru encryption with sequence numbers to avoid recorded
replay hacker attacks, the party A's private key, PrK-A, from party
A's media ticket smart card A to its own tamper resistant memory.
This should be the only private key on the media ticket smart card.

A more secure method, which does not use a very vulnerable
(not fully crypto memory contained) global vendor family key, uses
more media ticket smart card and more cryptographic digital signal
processor cryptographic memory, which is to use per vendor family
keys, or alternately to use the vendor public key and vendor
private key for replacing the global family key for smart card A to
crypto-DSP transfers and vice versa, with assorted details. The
non-vendor specific hardware requirement forces storing crypto keys
for all vendors in all cryptographic hardware memory.

g). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, retrieves the encrypted play
count with customer (family key) sequence number, to avoid recorded
replay hacker attacks, from media ticket smart card A, and decrypts
it. Where:

play count = paid for number of plays, or -1 for infinite
play, or count of free trial plays.

A decrypted play count greater than zero (play count > 0)
indicates paid for or free trial plays still remaining.

The play count is decrypted by the party P (C-DSP) using
the customer, party A's, smart card keys, PrK-A and PuK-A, and its
vendor secret keys (SeK-V1 to SeK-Vn), vendor private keys (PrK-V1
to PrK-Vn) and vendor public keys (PuK-V1 to PuK-Vn), and then
decremented for accounting purposes and re-encrypted (with an
increased customer (family key) sequence number to avoid
recorded replay hacker attacks):

P-FaK-F(
  vendor identification number (MAC(VIN)),
  session identification number,
  P-PuK-A( P-SeK-Vn( P-PrK-Vn
    (decremented play count,
    vendor sequence number) ) ),
  incremented customer (family key) sequence number,
)

and then sent back to the media ticket smart card A for storage.
If the play count is zero, further media plays or custom
decryptions are disallowed.

h). The cryptographic digital signal processor (C-DSP) in the
cryptographic media player, party P, using the:

{
  vendor identification number (MAC(VIN)),
  session identification number,
  play code encrypted digital media,
  [ (Law Enforcement Access Field (LEAF) for law enforcement
  use only, using the embedded movie ticket concept):
    public key courts {public key law enforcement
      {
        appended pass-thru encrypted play code plus
        header,
        vendor private key signed message digest cipher
        (MDC)
      }
    }
  ]
}

identification header from the encrypted digital media,
retrieves the pass-thru encrypted play code with header:

{
  vendor identification number (MAC(VIN)),
  session identification number,
  various layers of encrypted play code with sequence
  number,
}

which may be one of many encrypted play codes, even from
different vendors, stored in his media ticket smart card A, which
is transferred to the cryptographic media player's own tamper
resistant memory. The pass-thru encrypted play code with
sequence number is already digitally signed by the media
distribution vendor's private key, PrK-Vn, and then 3-way
encrypted:

Vn-FaK-F(
  MAC(VIN),
  session id,
  Vn-PuK-A(Vn-SeK-Vn
    (Vn-PrK-Vn(Vn-SsK-A, vendor sequence number)) ),
  customer (family key) sequence number
) = pass-thru encrypted play code with header.

NOTE:

Sequence Numbers - The sequence numbers are needed to prevent
recorded replay attacks on wiretapable buses of pass-thru
encrypted signals inside of the cryptographic media player. The
vendor sequence number can only be incremented by a party with
the vendor secret key (SeK-Vn), customer private key (PrK-n),
and system family key (FaK-F), who are the party G for any
vendor, the party Vn only for his own play codes and play
counts, or the cryptographic media player, party P, for any
vendor, which player has a collection of all vendor secret keys
(SeK-V1 to SeK-Vn) and a collection of all vendor private keys (PrK-
V1 to PrK-Vn). It is used in key ownership re-assignment operations by
the C-DSP. The cryptographic media player, party P, can also check
the vendor digital signature, and can obtain the customer
A's private key (PrK-A) and public key (PuK-A) from the customer's
inserted media ticket smart card A. The customer (family key)
sequence number is for media ticket smart card use only for
loop-back operations with the C-DSP.

i). The cryptographic digital signal processor (C-DSP) inside of
the cryptographic media player, party P, having all authorized
system vendor public keys, PuK-Vn, and all authorized system vendor
secret keys, SeK-Vn, which are pre-factory installed by the public
key generation authority, party G, must retrieve only the unique
vendor Vn's public key, PuK-Vn, and secret key, SeK-Vn, using the
vendor identification number from step 1) and step 5).

j). The cryptographic digital signal processor (C-DSP) inside of
the cryptographic media player, party P, uses the system family key
(FaK-F) for pass-thru decryption, the customer's private key (PrK-
A) obtained from the inserted media ticket smart card A, and the vendor
Vn's unique secret key (SeK-Vn) to
decrypt the digitally signed play code with sequence number, and
finally the vendor Vn's unique public key (PuK-Vn) to digitally
descramble the play code to give the fully unencrypted play code or
session key (1-time secret key) with vendor sequence number:

P-FaK-F(pass-thru encrypted play code with header),
  with MAC(VIN), the session identification number and the
  customer (family key) sequence number removed
  = temp-j

- still customer public key encrypted, vendor secret key encrypted
and vendor digitally signed play code with vendor sequence number.

Use of the customer A private key upon temp-j will allow play code
access:

P-PrK-A(temp-j) = temp-k

- vendor secret key encrypted and vendor digitally signed
(play code, vendor sequence number).

P-SeK-Vn(temp-k) = temp-l

= vendor digitally signed (play code, vendor sequence
number).

P-PuK-Vn(temp-l) = temp-m = (play code, vendor sequence
number).

NOTE: Sequence Numbers - (see previous NOTE).

k). The party A's cryptographic digital signal processor (C-
DSP), party P, uses the unencrypted play code or session key (SsK-A)
to decrypt the session key (1-time secret key) encrypted
digital medium from party Vn.

l). The party A's cryptographic digital signal processor (C-DSP)
will artificially digitally degrade video and audio signals before
analog output. This effect will help counter digital recorders
wiretapping of 1st generation analog output for further digital to
digital music and movie piracy criminal intentions.

A fully digital movie projector using micro-mirror machine
(MMM) modules can input encrypted media directly if it has its
own decryption digital signal processor function without
wiretapping points.

Fully digital loudspeakers can work in a likewise manner
with encrypted media.

C). Output by Customer A:

Customers - Party A with Lost, Stolen, Legally
Disputed Smart Cards

The customers, party n, such as party A, party B, etc. (party D,
E, F, G, P, S already in use),

which have knowledge of customer identifications and vendor
identifications and his own access code to a particular media
ticket smart card for toggle field entry into a cryptographic
media player, but no knowledge of whole cryptographic keys
stored in cryptographic memory,

for use in lost, stolen, or legally disputed ownership media ticket
smart cards.

A). Input of Party D:

1). Customer party A contacts the central public key distribution
authority (C-PuKDA), party D, with his customer name and public
customer identification number (MAC(CIN)) to cancel the old media
ticket smart card.

B). Processing by Party D:

1). Party D will mark the old media ticket smart card as
cancelled in his database:

{
  authorized media distribution vendor identification number
  (MAC(VIN)),
  {
    ...,
    customer identification number (MAC(CIN)),
    customer's public key (PuK-n),
    eventual registered customer name (retail store
    registered, web registered, or registration postcard),
    lost/stolen/disputed legal ownership field,
  },
}

2). Party D will use the public customer identification number
(MAC(CIN)) to contact the central public key escrow authorities,
parties En, to obtain the split customer private keys from their
databases, which are indexed by this number, since the parties En
have absolutely no knowledge of customer identities.

3). Party D will use the public customer identification number
(MAC(CIN)) to contact the media distribution vendors, parties Vn, to
obtain all the issued encrypted play codes (session keys or 1-time
secret keys) with header and sequence number and encrypted play
counts with header and sequence number used by customer A. The
encrypted play counts may not be up to date or matching the
encrypted play counts in the lost or stolen media ticket smart card,
but if infinite plays are allowed this is acceptable.

The parties Vn have the database records:

{
  vendor index number (VIN),
  vendor identification number (MAC(VIN)),
  {
    customer identification of party A such as name, address,
    etc.,
    customer identification number (MAC(CIN)),
    public key of customer A (PuK-A),
    {
      date/time,
      download date,
      download month,
      download year,
      download time,
      title of digital media downloaded,
      session id number,
      paid for amount,
      pass-thru encrypted play code with header &
      vendor sequence number, customer sequence no.,
      pass-thru encrypted play count with header &
      vendor sequence number, customer sequence no.,
    },
    {
      date/time,
      download date,
      download month,
      download year,
      download time,
      title of digital media downloaded,
      session id number,
      paid for amount,
      pass-thru encrypted play code with header &
      vendor sequence number, customer sequence no.,
      pass-thru encrypted play count with header &
      vendor sequence number, customer sequence no.,
    },
    etc.
  }
}

4). Party D will issue a new media ticket smart card with the
previous customer A private key A, PrK-A, and matching public key A,
PuK-A, with the previously issued play codes and play counts. The
new smart card will work with existing custom encrypted physical
media.

For use in legal transfer of entire ownership of a media 
ticket smart card A and all custom cryptographic media associated 
with it from party A to party B. This is called legal ff first use." 



This is accomplished by use of a cryptographic media player 
[REF 508] to read from customer party A' s media ticket smart card the 
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tamper resistant memory the encrypted 3~way encrypted and digitally 
signed play code or session key (SsK) with header: 



Vh-FaK-F{ 
HACfVXN), 

session identification, 

Vn-PtiK-A (Vn-SeK-Vn ( 

Vn-PrK-Vn (Vn-SsK-A, vendor sequence nussber) ) ) 

customer (family key) sequence number 

) = 3-way encrypted and digitally signed, pass-thro 

encrypted play code v/ith header (and sequence 
numbers) . 

NOTE: Sequence Numbers - (see previous NOTE on sequence no's). 
Where : 

Vn = the media distribution party 

F - family key or group secret key 

A-PuK-B « party A using the public key for party B 

The cryptographic media player [REF 50 8 ] , party P, can partially 
decrypt party A r s play codes or session key (SsK-A> in his media 
ticket smart card A, and re-encrypt it over to party B ? s play codes 
or session key (SsK-B) , by the decryption steps: 

P-FaK-F(encrypted play code with header (and sequence numbers)) = 
    {vendor identification number (MAC(VIN)), 
    session identification number, 
    customer A public key encrypted, 
    vendor secret key encrypted, 
    vendor digitally signed {play code, vendor sequence number + 1}, 
    customer (family key) sequence number + 1} = temp-B1. 

Remove MAC(VIN), remove session identification number, and 
customer (family key) sequence number from temp-B1 = temp-B2. 

Apply customer A private key to temp-B2 to decrypt it to temp-B3. 

Apply vendor secret key to temp-B3 to decrypt it to temp-B4. 

Apply vendor public key to temp-B4 to de-scramble it to temp-B5. 

Increment vendor sequence number in temp-B5. 

Party P (C-DSP) then does the key ownership change re-encryption 
steps for customer B: 

P-FaK-F(vendor identification number, 
    session identification number, 
    P-PuK-B(P-SeK-Vn( 
        P-PrK-Vn(temp-B5))), 
    customer (family key) sequence number + 1 
) = temp-B6, 

which changes the public key encryption of customer A to the public 
key encryption of customer B. The public key of customer B, PuK-B, 
must be obtained from some internet connected source as public 
information. The re-encrypted play code with header, Z, can be 
returned to the media ticket smart card of party B. 



C). Output by Party D: 

None. 
Federated Cryptographic Architecture 

A). Central layer - media ticket smart card system authority, party 
S, which has the entirely separated and autonomous functions of: 

central public key generation authority (104), party G, 

central public key distribution authority (108), party D, 

central public key escrow authorities (120 & 124) (C-PuKEA-A & 
B), parties En, using an embodiment of the media ticket smart card 
public key cryptography algorithm, central public key distribution 
authority database ID number 0 (112), and central public key 
distribution authority key escrow agents (128) for optionally 
holding split private keys and family keys. This layer does 
pre-factory preparation of media ticket smart cards. 

B). Local layer - authorized media distribution companies, Vn, 
which own the digital media. 

C). Customer layer - customer parties A, B, C, ..., a, b, c, ... to z, 
etc. using any prior art customer residence or customer business 
personal computers (200) and the use of media ticket smart cards 
(212) A-n, matched to each customer such as media ticket smart card A 
matched to customer A, media ticket smart card B matched to customer 
B, etc. which are used to hold cryptographic customer private keys 
and encrypted play codes (session keys or 1-time secret keys) with 
header and encrypted play counts (paid for numbers of plays, -1 for 
infinite plays, or counts of free trial plays) with header. 

Fig. 2 is a circuit block diagram of a prior art cryptographic 
microprocessor unit with tamper resistant non-volatile electrically 
erasable programmable read only memory (TNV-EEPROM) found in a prior 
art smart card. 

Fig. 3 is a circuit block diagram of a prior art media ticket smart 
card (212) containing a cryptographic microprocessor. This is used 
for secret key and private key secure containment and physical 
transportation. 

Fig. 4 is a circuit block diagram of a prior art media ticket smart 
card reader attached to a personal computer. 

Media ticket smart card reader 

This cryptographic device consists of: 

A). A built-in or embedded crypto-microprocessor integrated 
circuit (CuP) (see above) used for pass-thru encryption. 

B). A physical contact or optical (non-physical contact) connector 
to a smart card. 

A physical contact can provide a power pin which makes a watch 
battery unnecessary on the smart card. 

C). I/O circuitry is a universal serial bus (USB) bus connection to 
an external personal computer. 

D). Durable packaging which is weather resistant, electrostatic 
resistant, electromagnetic resistant, temperature extreme resistant, 
grease resistant, etc. 

E). Package is credit card reader sized, but slightly thicker and 
slightly heavier. 

F). External to device printed labeling: 

customer's name 

customer's address 

customer's identification 

authorization sticker of trusted smart 
card reader licensing and expiration date. 

The media ticket smart card readers have no secret construction and 
can be publicly reviewed and commercially manufactured. 
Fig. 5 is a circuit block diagram of a crypto digital signal 
processor chip (C-DSP) (932), future patent pending [REF 500]. This is 
used for doing hybrid key cryptography which is both public key 
cryptography and fast hardware based secret key cryptography with 
hardware block error detection and correction all done inside of a 
digital signal processor with Moving Picture Expert's Group (MPEG-X) 
decompression support. 






Crypto Digital Signal Processors (C-DSP's) 

See [REF 500], future patent pending. 

NOTE: This is a new type of full custom integrated circuit (IC) in 
a single-IC package (having no external wiretapping points) 
consisting of: 

A). A 32-bit or 64-bit cryptographic digital signal processor 
(DSP) used instead of dedicated circuitry for flexible updates with 
new algorithms and handling longer secret and private keys. Used 
for analog to digital signal (ADC) conversion, digital processing 
of analog signals, and digital to analog signal conversion (DAC). 
Firmware support for hybrid key cryptography for use with a 
separate hardware secret key decryption only circuit (e.g. 56-bit 
Data Encryption Standard (DES) in triple key mode and also several 
cipher block chaining modes and stream cipher modes) which also 
does hardware block error detection and error correction critical 
with block chaining cipher modes. Firmware support for coordinated 
use with a separate MPEG X decompression only circuit for most 
commercial play-only applications for music and movies. 

B). Tamper resistant, non-volatile, electrically erasable 
programmable read only memory (TNV-EEPROM) for crypto key storage 
of private keys, secret keys, session keys, family keys, and often 
used public keys, and crypto algorithm and protocols program store. 

C). Static random access memory (SRAM) for temporary data store. 

D). I/O circuitry: 

direct memory access (DMA) controllers, 

memory address strobing, 

programmable interrupt controller (PIC). 

E). Counter timer circuits (CTC's). 

F). A true random number generator, 
e.g. a radioactive source or electronic random noise emitter. 

G). A hardware circuit to do large integer to large integer 
exponentiation with a modulo (remainder) function by the "binary 
square and add method" which will be used for fast public key RSA 
(R), DSA (R), Diffie-Hellman (R) encryption of the RSA form: 

Cipher Text = (Plain Text) exp (e) modulo n 

where e is the encryption public key integer, and 
n is a large prime integer number base, 

and decryption of the RSA form: 

Plain Text = (Cipher Text) exp (d) modulo n 

where d is the decryption private key integer, 
and n is the same. 
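The RSA form just given and the customer A to customer B play code re-encryption steps earlier in this section, as an added Python example (not the application's own code or design): mod_pow is the binary square-and-multiply loop, and transfer_play_code strips A's public key layer and re-wraps the play code for B. It assumes textbook RSA with no padding, omits the vendor secret key, vendor signature and family key layers, and uses a modulus n = p*q (RSA needs the product of two primes, not a single prime); the primes, exponent and play code are constructed sample values.

```python
"""Textbook RSA via square-and-multiply plus a play code ownership transfer.

Added example, not the patent application's code. Simplifications: no
padding, vendor secret key / signature / family key layers omitted, and
the modulus is n = p * q (a product of two primes, as RSA requires).
All primes, exponents and the play code below are constructed samples.
"""
from __future__ import annotations

from math import gcd
from typing import NamedTuple


class RsaKey(NamedTuple):
    exponent: int   # e for a public key, d for a private key
    modulus: int    # n = p * q


def mod_pow(base: int, exponent: int, modulus: int) -> int:
    """Right-to-left binary square-and-multiply (the page's "binary square
    and add method") computing (base ** exponent) % modulus."""
    if exponent < 0 or modulus <= 0:
        raise ValueError("exponent must be >= 0 and modulus > 0")
    result, base = 1 % modulus, base % modulus
    while exponent:
        if exponent & 1:                      # low bit set: multiply in
            result = (result * base) % modulus
        base = (base * base) % modulus        # square for the next bit
        exponent >>= 1
    return result


def rsa_keypair(p: int, q: int, e: int = 65537) -> tuple[RsaKey, RsaKey]:
    """Return (public, private) for distinct primes p, q; e must be coprime to phi(n)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    d = pow(e, -1, phi)                       # d * e == 1 (mod phi)
    return RsaKey(e, n), RsaKey(d, n)


def rsa_apply(value: int, key: RsaKey) -> int:
    """Cipher Text = (Plain Text) exp (e) modulo n, or the reverse with d."""
    if not 0 <= value < key.modulus:
        raise ValueError("value must lie in [0, n)")
    return mod_pow(value, key.exponent, key.modulus)


def transfer_play_code(ct_for_a: int, priv_a: RsaKey, pub_b: RsaKey) -> int:
    """Key ownership change: remove customer A's public key layer and
    re-encrypt under customer B's public key (P-PuK-B in the page's notation).

    The play code is in the clear only inside this function, which in the
    page's design runs inside the player's tamper resistant memory."""
    play_code = rsa_apply(ct_for_a, priv_a)
    if play_code >= pub_b.modulus:
        raise ValueError("play code does not fit customer B's modulus")
    return rsa_apply(play_code, pub_b)


# Constructed sample keys. Mersenne primes keep both moduli above 2**64 so a
# 64-bit DES-style play code fits in one block; real keys are far larger.
PUB_A, PRIV_A = rsa_keypair(2**31 - 1, 2**61 - 1)
PUB_B, PRIV_B = rsa_keypair(2**89 - 1, 2**107 - 1)
# Constructed 64-bit play code (the well-known DES test key bytes).
PLAY_CODE = int.from_bytes(bytes.fromhex("133457799BBCDFF1"), "big")


def demo() -> dict:
    """Encrypt the play code for A, transfer it to B, and check both sides."""
    ct_a = rsa_apply(PLAY_CODE, PUB_A)
    ct_b = transfer_play_code(ct_a, PRIV_A, PUB_B)
    return {
        "a_recovers": rsa_apply(ct_a, PRIV_A) == PLAY_CODE,
        "b_recovers": rsa_apply(ct_b, PRIV_B) == PLAY_CODE,
        "ct_changed": ct_a != ct_b,   # B's copy is a different ciphertext
    }


if __name__ == "__main__":
    print(demo())
```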






H). A hardware circuit to do fast session key 1-time secret key 
(SsK-n) "on the fly (up to 16 megabytes/sec)" secret key 
decryption of the digital signal retrieved from physical medium 
(e.g. hard disk, EEPROM memory card, DVD-RW, DVD+RW, CD-R). 

This can be an existing IBM patented Data Encryption Standard 
(DES) integrated circuit used in a silicon compiler library as an 
added function in a larger chip. 

Standard secret key algorithm is 56-bit standard Data 
Encryption Standard (DES (R)) in triple key mode, cipher block 
chaining (CBC) mode, electronic codebook (ECB) mode, cipher 
feed-back (CFB) mode, and output feedback (OFB) mode. 

Standard DES substitution (S)-boxes and permutation (P)-boxes 
are used and are firmware downloadable with the entry of 
special hardware access keys. 

Built-in hardware block error detection and error correction 
circuits necessary to prevent rampant error propagation when 
using block chaining modes. 

NOTE: Linear feedback shift register (LFSR) circuits are 
easily cracked by hackers and should be avoided!!! 

I). A cryptographic hardware circuit to do fast digital signal 
processing (crypto-DSP) of the already hardware decrypted but still 
MPEG-X compressed digital audio/video signal. The "cipher text" or 
session key encrypted MPEG-X compressed digital signal was 
retrieved earlier from physical storage medium (e.g. hard disk, 
EEPROM bank programmable memory card, digital versatile disk (DVD), 
compact disk (CD)). 

In this patent's application area, the MPEG-X compressed digital 
data is entirely one way read from physical recording medium, put 
through block error detection and correction circuitry (which may be 
combined with the decryption circuitry), session key DES (R) decrypted 
with the play code, MPEG-X decompressed, digitally artificially degraded 
(an option for analog watermarking of some form is possible), 
converted to analog and played. There is no need for the reverse 
unencrypted and uncompressed "plain text" medium to compressed and 
encrypted "cipher text" medium process as in general 2-way 
cryptography messaging. See BACKGROUND - Cross-References To My 
Related Inventions - A Cryptographic Digital Signal Processor, 
patent pending [REF 500]. 

The future patent pending crypto-DSP's [REF 500] will be custom, 
single chip integrated circuits (IC) to avoid external and internal 
wiretapping points. A wire-mesh intermetallic layer on the top of 
the chip with load impedance monitoring circuits is used to detect 
test probes which will initiate erasure of the TNV-EEPROM crypto 
memory. The chip will use a cryptographic digital signal processor 
(crypto-DSP) to coordinate hardware error detection and correction, 
fast hardware session key (SsK-n) DES (R) decryption, MPEG X 
hardware digital decompression, and then "playing" of the session 
key (SsK-n), custom encrypted, MPEG X compressed, digital media 
retrieved from physical medium. They will artificially digitally 
degrade signals before analog output to counter digital recorder 
piracy of wiretapped 1st generation analog signals. 

The alternate technology to counter 1st generation analog signal 
theft is to add analog watermarks. Analog watermarks come in two 
forms. The first form is pseudo-random fine-line background 
noise imperceptible to the human eye or ear which can be used to 
audit trail source and copyright status of digital media meant to 
counter digital recordings of 1st generation analog output. The 
second analog watermark form is used in video data for human 
perceptible, subtle, pseudo-random, edge pattern effects which do 
not disturb the viewer, but can be measured for audit trail 
purposes and is meant to counter "premier movie" digital video- 
camera tape recordings. In y. 2002, analog watermarks are not 
proven as to being hacker proof given the hacker use of powerful 
personal computer digital signal processing filter programs. The 
analog output will go to analog loudspeakers. Digital output 
modulated to analog will go to computer digital video displays 
(e.g. SVGA, UXGA computer monitors). 

The crypto-DSP's for an audio only cryptographic media player 
(e.g. cryptographic MP3 player), future patent pending [REF 508], 
will be a custom integrated circuit (IC) combined with silicon 
compiler circuitry in a single integrated circuit with built-in 
functions of: 

digital signal processing (crypto-DSP) functions and also 
coordination and byte shuffling, 

fast hardware block error detection and correction, 

fast hardware session key (1-time secret key) or session 
key (SsK-n) DES (R) decryption unit using IBM's patented Data 
Encryption Standard (DES), 

fast hardware MPEG X decompression, 

tamper resistant non-volatile electrically erasable 
programmable read only memory (TNV-EEPROM) for crypto keys and 
crypto computer programs, 

a hardware true random number generator such as a random 
noise circuit, 

a hardware circuit to do large integer to large integer 
exponentiation with a modulo (remainder) function by the 
"binary square and add method" which will be used for fast 
public key RSA (R), DSA (R), Diffie-Hellman (R) encryption and 
decryption of the form: 

cipher text = (plain text) exp (e) modulo n 

where e is the encryption public key integer, 
and n is a large prime integer number, 

n-channel digital audio signal processing as from digitally 
compressed MPEG X audio retrieved from physical medium, 

n-channel MPEG X audio "one-half codec" (only MPEG X 
decompression for n-channels is needed with no MPEG X 
compression functions), 

n-channel artificial digital audio signal degradation, 

n-channel digital to analog signal converters with line 
amplifiers for output to analog loud-speakers. 

The crypto-DSP's for an audio/video cryptographic media player, 
patent pending [REF 508], will be a custom integrated circuit 
(IC) with built-in functions of: 

digital signal processing (crypto-DSP) functions 
and also coordination and byte shuffling, 

fast hardware block error detection and correction, 

fast hardware session key (1-time secret key) or session 
key (SsK-n) DES (R) decryption unit using IBM's patented Data 
Encryption Standard (DES), 

fast hardware MPEG X decompression, 

tamper resistant non-volatile electrically erasable 
programmable read only memory (TNV-EEPROM) for crypto keys 
and crypto programs, 

a hardware true random number generator such as a random 
noise circuit, 

a hardware circuit to do large integer to large integer 
exponentiation with a modulo (remainder) function by the 
"binary square and add method" which will be used for fast 
public key RSA (R), DSA (R), Diffie-Hellman (R) encryption and 
decryption of the form: 

cipher text = (plain text) exp (e) modulo n 

where e is the encryption public key integer, 
and n is a large prime integer number, 

digital video signal processing, 

n-channel MPEG X audio/video "one-half codec" (only n-channel 
MPEG X audio (2-channel)/video decompression is needed 
with no MPEG X compression), 

artificial audio/digital video signal degradation, 

digital to analog video signal converters such as random 
access memory digital to analog converters (RAMDAC) and line 
amplifiers, 

digital to digital video signal converters and line 
amplifiers such as a random access memory digital to analog 
converter (RAMDAC) (e.g. digital modulated to analog output of 
SVGA RAMDAC, UXGA RAMDAC), 

n-channel digital to analog signal converters with line 
amplifiers for output to analog loud-speakers. 

The crypto-DSP's for a video only electronic book or 
electronic newspaper cryptographic media player, future patent 
pending [REF 508], will be a custom integrated circuit (IC) combined 
in a single integrated circuit with built-in functions of: 

digital signal processing (crypto-DSP) functions and also 
coordination and byte shuffling, 

fast Reed-Solomon (RS) hardware block error detection and 
correction preferably included with the hardware secret key 
decryption hardware, 

fast hardware session key (1-time secret key) or session 
key (SsK-n) DES (R) decryption only unit for 'canned media' 
players using IBM's patented Data Encryption Standard (DES), 

fast hardware MPEG X decompression, 

tamper resistant non-volatile electrically erasable 
programmable read only memory (TNV-EEPROM) for crypto keys 
and crypto programs, 

digital video signal processing, n-channel MPEG X video only 
"one-half codec" (only n-channel MPEG X audio (2-channel)/video 
decompression is needed with no MPEG X compression), 

artificial audio/digital video signal degradation, 

digital to analog video signal converters such as random 
access memory digital to analog converters (RAMDAC) and line 
amplifiers, 

digital to digital video signal converters and line 
amplifiers such as a random access memory digital to analog 
converter (e.g. digital modulated to analog output of SVGA 
RAMDAC, UXGA RAMDAC). 

The cryptographic DSP's have no secret construction and can 
be publicly reviewed and commercially manufactured. 
HACKER ATTACKS UPON THE CRYPTO-DSP 

A hacker party wishing to get a digital sound or video master 
copy for illegal distribution merely has to tap off with alligator 
clips the wires going to the analog speakers for a 1st generation 
analog digital copy (which will experience no further degradation in 
digital to digital copying). The resulting digital signal will be a 
copy of a clear-text, 1st generation analog signal which is countered 
by an artificially digitally degraded signal. Video wiretapping of 
1st generation analog video signals is more difficult because the 
digital modulated to analog output (analog R'G'B') which goes to a 
computer monitor like digital television screen is very high 
frequency. A sampling digital mode at the screen refresh rate might 
capture an acceptable digital pirated copy. The pirate can simply 
use a digital video camera to videotape a movie screening in 
1-channel sound while adding the wiretapped audio track later on. 
Another counter to 1st generation analog copying is analog 
watermarking as explained in the crypto-digital signal processor 
(C-DSP) section just above. The analog watermarkings are currently in 
y. 2002 not technically proven as being safe from hacker personal 
computer filtering. The recording into a digital recorder will give 
the hacker a very high quality clear-text, digital master of a 1st 
generation analog signal for illegal distribution and unlimited and 
perfect digital to digital reproduction without further signal 
degradation unlike old analog to analog or analog to digital copy 
methods. A few digital copies for personal customer use are allowed 
as "fair use" under the US Copyright laws. 

A clear-text digital audio master can be run through a Motion 
Pictures Electronics Group, Standards Version I Audio Compression 
Layer 3 (MPEG I audio layer 3 or shortened to MP3) computer program. 
The resulting MP3 file (even of internationally copyrighted material) 
can be freely distributed on the internet over peer-to-peer, Web file 
sharing services such as Napster (R) brand, Gnutella (R) brand. The 
illegal distribution for profit of copyrighted material is a US 
Federal felony. The illegal distribution for non-personal use copies 
of copyrighted material is a US misdemeanor. Such services are 
widely used in the year 2001 for illegally distributing music from 
compact disks (CD's). CD audio was never encrypted giving hackers 
access to the audio digital master. 

A clear-text audio/video master can be obtained by similar 
illegal recording techniques. Digital video movies can be 
distributed in the same illegal manner. The Content Scrambling 
System (CSS) (R) is a standard 1990's "on the fly" digital encryption 
scheme used by digital versatile disks (DVD's) for storing movies. 
The technology is based upon a pair of linear feed-back shift 
registers (LFSR) which is an old technology easily cracked by 
personal computer (PC) simulation programs in the year 2001. A 
hacker attack by a Swedish group called "Anathema" in the year 2001, 
cracked this code giving hackers access to the digital masters of DVD 
distributed movies and movie soundtracks. 
Fig. 6 is a circuit block diagram of a cryptographic media player, 
future patent pending [REF 508], with a built-in media ticket smart 
card reader. 

Internal (to PC) Cryptographic 
Media Players (patent pending) — [REF 508] 

These are peripheral component interconnect (PCI) I/O computer 
bus crypto-sound cards and PCI bus crypto-video and AGP bus crypto- 
video cards. Each card is based upon an embedded crypto-DSP. 
External (to PC) Cryptographic 
Media Players (patent pending) — [REF 500] 

These are future versions of today's MP3 players which play digital 
audio in compressed MP3 digital format. Future stand alone versions 
will have controlled digital media in custom encrypted form. These 
will be called crypto-MP3 players, crypto-CD players, and crypto-DVD 
players. These are all based around an embedded crypto-DSP. 

An interesting example of this class will be a stand-alone smart 
appliance which will be internet connectable, have a media ticket smart 
card reader interface, have a crypto toggle data entry field or future 
bio-identification reader such as a digital fingerprint reader, have an 
embedded crypto-DSP core, have cryptographic media or 1-way transfer of 
custom session key encrypted media writing capabilities, crypto media 
reading capabilities, and a crypto-DSP for media playing. This type of 
transition device will allow secure recording of crypto media during 
the period of industry transition from non-crypto CPU based PC's to 
crypto-CPU based PC's. 

The above internet connected example only with cryptographic 
writing capabilities for different user selected types of media (e.g. 
DVD-RW, CD-RW, CD-R, FLASH (R) Memory Card) can provide a store 
juke-box machine for dispensing crypto media for users without a crypto-PC, 
but with external or internal cryptographic media players [REF 508]. 
ADVANTAGES - Over the Prior Art - 

Preferred Embodiment 

A. An advantage of this invention is to support physical 
distribution of internet "downloaded" custom encrypted digital media 
(see REFERENCES - NON-PATENT LITERATURE [REF 500] - "The Secure Digital 
Music Initiative (SDMI)") which is "played" or decrypted upon a special 
cryptographic media player with inserted portable media. The portable 
media may also be purchased directly from the retail store. 

One implementation for digital media distribution is to use 
custom encryption of digital media factory or internet deposited onto 
compact disk record once (CD-R), digital versatile disk read/write 
(DVD-RW (R), DVD+RW (R)), or flash memory cards (FLASH). Matching 
removable and easily transportable prior art media ticket smart cards 
will provide custom encryption and decryption by securely containing 
cryptographic keys called customer private keys, PrK-n, encrypted play 
codes (session keys or 1-time secret keys) with headers and also 
encrypted play counts (paid for numbers of plays, -1 for infinite plays, 
or counts of free trial plays) with headers. The media ticket smart 
cards can be remotely programmed over the internet using prior art 
media ticket smart card readers attached to prior art personal 
computers. 

The encrypted digital media is either factory distributed in 
physical form or else remotely internet downloaded. The matching media 
ticket smart card is also either factory distributed or internet 
updated. Only encrypted ("red") media with unlimited copy potential is 
allowed upon any wiretapable ("red") or public cables and buses, 
computer disks, CD's, DVD's, FLASH (R) Memory Cards (EEPROM). The 
custom encrypted digital media and the matching media ticket smart card 
must be physically transferred and attached to a cryptographic media 
player [REF 508]. 

At the cryptographic media player [REF 508], the media ticket 
smart card must be inserted into a media ticket smart card reader in 
order to deposit the encrypted play code with header and encrypted play 
count with header over wiretapable ("red") computer buses into the 
smart media player's crypto-digital signal processor unit [REF 500]. 
The physical medium must be inserted into the smart media player. 
Thereafter, the cryptographic digital signal processor unit [REF 500] 
can do custom decryption of custom encrypted digital masters "on 
the fly." A crypto-audio player will just have a crypto-audio unit 
based upon a crypto-digital signal processor [REF 500]. A crypto-video 
player will be a computer with a crypto-video card (252) and 
crypto-sound card (252). Outputted decrypted analog sound and video ("red") 
must be digitally degraded before digital to analog conversion (DAC) to 
avoid giving away digital masters. The alternate technology of analog 
watermarking of analog output to counter signal piracy in y. 2002 is 
mathematically unproven as hackers can easily run computer filter 
programs to eliminate such extraneous signals. 

The effective use of custom encrypted computer programs, 
multi-media programs, and computer games is left out of this patent for a 
number of reasons. The main difficulty here is that digital computer 
code is involved along with digital computer data. The digital 
computer code, because it hops around in program counter execution, 
cannot be decrypted real-time unlike the computer digital data which is 
accessed sequentially. A new type of crypto-personal computer (C-PC) 
with a new type of cryptographic operating system (C-OS) containing a 
new type of crypto-central processing unit (C-CPU) must be developed 
which runs off of a "disk vault" or secure ("black") area of the 
computer hard disk holding already decrypted computer programs for CPU 
execution speed and either decrypted computer data needing real-time 
decryption or un-decrypted computer data. This secure hard disk area 
called a "disk vault" is classified erased upon computer power-down. A 
non-secure ("red") area of the computer hard disk holds encrypted data 
or else non-classified data. A "disk vault" or encrypted hard disk 
mountable disk volume may also be used which holds classified data 
files and classified computer programs which are encrypted upon 
power-down or no keyboard use for a programmed period and decrypted upon 
computer power-up and disk mounting. 

This patent limits itself to giving structure and a cryptographic 
architecture to a new type of cryptographic media player [REF 508] 
which contains a cryptographic digital signal processing chip [REF 500] 
and a built-in media ticket smart card reader. 

This patent also gives a cryptographic structure to secure 
pass-thru encryption mechanisms for moving internet downloaded crypto keys 
over wiretapable ("red") prior art computer buses existing on prior art 
personal computers. 
B. An advantage of this invention is to use only one media ticket 
smart card per owner with many digital media distribution vendors. 

This is accomplished by having factory pre-installed public key 
cryptography matched pairs of private keys and public keys with a 
private key for customer A held in his own media ticket smart card and 
the matching public key for customer A publicly available on the 
internet; also family keys or common secret keys are factory 
pre-distributed to relevant and authorized system users and components. 

This is accomplished by having different media distribution 
vendors (e.g. Disney/ABC Capital Cities, AOL/Time-Warner, EMI Music, 
Arista Records, Polygram Records, Bertelsmann, etc.) internet world 
wide web download session key (1-time secret key) encrypted digital 
media to disk and its matching pass-thru encrypted play code and 
encrypted play count downloaded to party A's media ticket smart card. 

C. An advantage of this invention is to allow the owner's one media 
ticket smart card to be used with any owner's cryptographic media 
player [REF 508]. 

This is accomplished by having common media ticket smart cards 
and media ticket smart card readers in every cryptographic media player 
[REF 508] with standards based media ticket smart card public key 
cryptography protocols. 
D. An advantage of this invention is to stop the use of any 
unauthorized digital copying of digital media. 

This is accomplished by the use of custom session key (1-time 
secret key) encryption of digital media. This media is useless without 
the customer's media ticket smart card programmed with a matching 
encrypted play code (pass-thru encrypted session key or 1-time secret 
key) with header and encrypted play count (paid for number of plays, -1 
for infinite plays, or number of free trial plays) greater than 0 with 
header. 

E. An advantage of this invention is to restrict one digital media 
distribution company's unencrypted digital masters only to itself and 
absolutely no other party, especially access by any other competing 
digital media distribution company. 

This is accomplished by the media ticket smart card system authority 
being broken up into three entirely separate functions and groups: 

the public key generating authority, party G (access to private 
keys and family keys but no access to customer identifications), 

the public key distribution authority, party D (access to customer 
identifications but no access to private keys or family keys), 

the public key escrow authorities, party E1 and party E2 (E1 has 
access to only half of key split private keys, and half of key split 
family keys, but no access to customer identifications). 

In addition, the media distribution company (Vn) secret key 
(SeK-Vn) is known only by the public key media ticket smart card 
system authority, the optional key escrow parties (party E1 and 
party E2), the owning media distribution company (party Vn), and the 
cryptographic media player [REF 508] having a copy of all such secret 
keys for all vendors in its secure memory. 

F. An advantage of this invention is to allow play counts or count 
controlled plays or counted decryptions of custom encrypted media 
including counts of free trial media plays. 

This is accomplished by the use of custom session key (1-time 
secret key) encryption of digital media. This media is useless without 
the customer's media ticket smart card programmed with a matching 
encrypted play code (pass-thru encrypted session key or 1-time secret 
key) with header and encrypted play count (paid for number of plays or 
number of free trial plays) greater than 0 with header. 
G. An advantage of this invention is to provide all public key 
cryptography legal attributes such as: 

1). authentication (like an exchange of photo id's or thumbprints) 

2). encryption/decryption (for privacy) 

3). integrity (wholeness or non-tampering) 

4). digital signatures (like handwritten signatures) 

5). non-repudiation (denying digital signatures) 

6). authorization (approval using digital signatures and dating or 
official post marks) 

7). archiving (storing digitally signed documents in a high 
integrity environment) 

8). accessibility (restricting access to authorized users) 

9). audit trail (recording accesses to information with public key 
ID's, dates, times, and locations) 

10). play counts/play codes for counting paid for and authorized 
personally encrypted digital media plays and for decrypting them 

11). crypto key splitting and key escrow. 

12). crypto key administration and key architectures. 



The invention provides these legal attributes through the use of
hybrid key cryptography which is public key cryptography combined with
secret key cryptography, smart cards, and key escrow concepts. Public
key cryptography provides authentication, secret key exchanges,
integrity using private key signed message authentication ciphers
(MAC's) and message digest ciphers (MDC's), digital signatures using
private key signed MDC's, and authorization using digital signatures.

Secret key cryptography provides fast software and hardware based
encryption/decryption.

Smart cards provide non-repudiation using crypto memory for all
crypto keys, audit trail, accessibility, and archiving using registered
smart cards, and play codes and play counts stored in smart card crypto
memory.

Key escrow cryptography provides crypto key splitting and key 
escrow architectures. 

H. An advantage of this invention is to support pass-thru encryption 
of play codes (session keys or 1-time secret keys) and play counts 
(paid for numbers of plays, -1 for indefinite plays, or counts of free 
trial plays) for their trip from a media distribution company's central 
web server over the open Internet to a customer's personal computer 
over wiretapable buses to a secure, cryptographic memory inside of a 
smart card inserted into a media ticket smart card reader attached to 
the personal computer. 
I. An advantage of this invention is to support physical transfer of
encrypted digital media in the form of digital versatile disk
read/write (DVD-RW (R), DVD+RW (R)), compact disk record once (CD-R),
and bank programmable solid state memory cards (FLASH (R)), and also
the physical transfer of media ticket smart cards from a customer's
personal computer (PC) to a cryptographic media player [REF 508] (e.g.
crypto-MP3).

J. An advantage of this invention is to support pass-thru encryption
of cryptographic keys in the form of play codes (session keys or 1-time
secret keys) and play counts (paid for numbers of plays, -1 for
indefinite plays, or counts of free trial plays) from a smart card
inserted into a media ticket smart card reader built into a
cryptographic media player [REF 508] for transferring such keys over
wiretapable ("red") computer buses to a cryptographic digital signal
processor unit having its own tamper resistant non-volatile
electrically erasable programmable read only memory which processor is
contained inside of the cryptographic media player [REF 508].

Examples are pass-thru encrypted transfer of keys from smart
cards to media ticket smart card readers (using media ticket smart card
reader vendor family keys) to crypto-DSP's (using crypto-DSP vendor
family keys) to crypto-CPU's (using crypto-CPU vendor family keys) to
crypto-OS's (using crypto-OS family keys) to crypto-software (using
crypto-software family keys).
K. An advantage of this invention is to support an optional
citizen/customer media ticket smart card authentication triangle
between the three points of:

point 1, customer A to (a first means of a passphrase/passcode, a
second means of a bio-identification such as a digital fingerprint, a
third means of a password mixed with pseudo-random noise called
salt), to

point 2, media ticket smart card A holding customer A's private
keys, secret keys, session keys, encrypted play codes with header,
and encrypted play counts with header to prevent the use of stolen
media ticket smart cards, to

point 3, cryptographic media player [REF 508].

Any one of the three points which are detected as unauthorized will
stop the media ticket smart card read/write process. An authorized
cryptographic media player should have a certified sticker for the
customer to inspect.

The passphrase/passcode (passcodes are the shorter form but hard
to remember) will be customer input into a toggle field with liquid
crystal display (LCD) placed in the cryptographic media player. The
cryptographic media player may also have a built-in fingerprint
reader. The cryptographic media player will have a built-in media
ticket smart card reader.

The cryptographic media player will match the customer input
passphrase/passcode with the one "burned in" the inserted media
ticket smart card. A mismatch will give a customer warning on the
LCD display and a "beep." Alternately, a customer fingerprint can
be matched with one "burned in" the media ticket smart card. No
fingerprint records are kept.

L. An advantage of this invention is to support a cryptographic media
authentication triangle between the three points of:

point 1, a copy of 1-way transfer of custom session key
encrypted digital media A, to

point 2, media ticket smart card holding customer A, or
user's private keys, secret keys, encrypted session keys (play
codes), encrypted play codes with header, and encrypted play
counts with header (play counts), to

point 3, cryptographic media player [REF 508].

Any one of the three points which are detected as unauthorized
will stop the custom encrypted digital media playing process.

The cryptographic media player will match the inserted custom
encrypted media with the play code from the inserted media ticket
smart card. A test strip of media will be decrypted of known values
to confirm a match. A mismatch will warn the customer upon the LCD
display and a "beep."

M. An advantage of this invention is to support legal "fair use" of
US copyrighted encrypted digital media or the archiving of two to three
copies for personal use. The purpose of "fair use" is to allow for
recovery in case of accidental damage, theft, fire, flood, natural
disaster, legal archiving, disputed legal ownership (as any divorced
person will recognize), or one or at most two convenience copies in
multiple locations used by the legal owner. Legal "fair use" also
supports a home set of media and an auto set of media.

This is accomplished by customer session key (1-time secret key)
encrypted media, which can be copied any number of times for archiving.
Any custom encrypted copy must be decrypted by the matching media
ticket smart card.

Non-copyrighted commercial and home-made material is kept in
unencrypted form and can be copied an unlimited number of times and
played an unlimited number of times.
Two encrypted copies can be made for a home media set and a car
media set all under legal "fair use." Two sets of matching media
ticket smart cards will allow legal use by the customer at his home and
his car.

A primary and back-up pair of media ticket smart cards for
customer A can be inserted into a crypto-digital signal processing chip
in a crypto-media player to do a card update operation to make the two
cards' play codes and play counts match exactly. This operation is
done by first inserting one media ticket smart card and then another
into the crypto-media player with crypto operations similar to "first
use" just below done on each card with 2-way commit operations done in
multiple loop-backs before finalizing operations per card.

N. An advantage of this invention is to support legal "first use" of 
US copyrighted encrypted digital media or the right of one person to 
sell or transfer in entirety the encrypted digital media to another 
person and transfer only relevant media ticket smart card cryptographic 
keys to the other person's media ticket smart card. 

This is accomplished by use of a cryptographic media player [REF
508] to read from customer party A's media ticket smart card the tamper
resistant memory held encrypted play code (session key (SeK) or 1-time
secret key):

Vn-FaK-F (MAC (VIN),

session id,

Vn-PuK-A (Vn-SeK-Vn (

vendor digitally signed (play code with sequence number))),

customer (family key) sequence number

) = temp-N

= pass-thru encrypted play code with header (and sequence no's),

NOTE: see previous NOTE on sequence numbers.

where Vn = the media distribution party,
F = family key or group secret key

A-PuK-B = party A using the public key for party B
The cryptographic media player [REF 508] party P can fully
decrypt, update the vendor sequence number, and then re-encrypt party
A's play codes in his media ticket smart card A, over to party B's play
codes by the decryption steps:

P-PuK-Vn (P-SeK-Vn (P-PrK-A (remove MAC (VIN),

remove session id,

remove customer (family key) sequence number,
P-FaK-F (temp-N)))) = temp-N1,
Party P increments the temp-N1 vendor sequence number = temp-N2,
and then the re-encryption steps:
P-FaK-F (MAC (VIN),
session id,
P-PuK-A (P-SeK-Vn (

P-PrK-Vn (temp-N2))),
customer (family key) sequence number + 1) = temp-N3,
which changes the private key encryption of customer A to the private
key encryption of customer B. The re-encrypted play code with header
and sequence number, temp-N3, can be returned to the media ticket smart
card of party B.
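The play code with header of section N, the counted plays of section F and the family-key pass-thru encryption of section H, modelled together as an added example (not the applicant's or any vendor's code). Assumed: the family key F is a 32-byte shared secret, the public-key and vendor-signature layers are carried as one opaque inner blob, VIN is a vendor identification string, and the family-key cipher is an HMAC-SHA256 keystream with encrypt-then-MAC standing in for a real authenticated cipher.

```python
# Added example, not from the application.  Assumptions: family key F is a
# 32-byte shared secret; Vn-PuK-A(Vn-SeK-Vn(signed play code)) is carried as
# one opaque "inner" blob; VIN is a vendor id string; the cipher is a stand-in.
import hashlib
import hmac
import json
import os
import struct

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from HMAC-SHA256 (teaching stand-in, not AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def fak_encrypt(family_key: bytes, plaintext: bytes) -> bytes:
    """FaK-F(...) pass-thru encryption for a 'red' bus: nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(family_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(family_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def fak_decrypt(family_key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext, then strip the family layer."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(family_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("family-key tag mismatch: tampered or foreign-family play code")
    return bytes(c ^ k for c, k in zip(ct, _keystream(family_key, nonce, len(ct))))


def mac_vin(family_key: bytes, vin: str) -> str:
    """MAC(VIN) header field; VIN taken to be a vendor id string (assumption)."""
    return hmac.new(family_key, vin.encode(), hashlib.sha256).hexdigest()


def build_play_code(family_key, vin, session_id, inner, vendor_seq, customer_seq):
    """temp-N = FaK-F(MAC(VIN), session id, inner, sequence numbers)."""
    header = {
        "mac_vin": mac_vin(family_key, vin),
        "session_id": session_id,
        "inner": inner.hex(),  # stands in for Vn-PuK-A(Vn-SeK-Vn(signed play code))
        "vendor_seq": vendor_seq,
        "customer_seq": customer_seq,
    }
    return fak_encrypt(family_key, json.dumps(header).encode())


class MediaTicketCard:
    """Play counts per media id: -1 = indefinite plays, 0 = useless (section F)."""
    INDEFINITE = -1

    def __init__(self, card_id: str, play_counts: dict):
        self.card_id = card_id
        self.play_counts = dict(play_counts)

    def consume_play(self, media_id: str) -> bool:
        n = self.play_counts.get(media_id, 0)
        if n == self.INDEFINITE:
            return True
        if n <= 0:
            return False
        self.play_counts[media_id] = n - 1  # one counted decryption
        return True


class CryptoMediaPlayer:
    def __init__(self, family_key: bytes, vin: str):
        self.family_key = family_key
        self.vin = vin
        self.last_customer_seq = {}  # card id -> highest customer seq accepted

    def open_play_code(self, card_id: str, blob: bytes) -> dict:
        """Strip FaK-F, then check MAC(VIN) and the customer sequence number."""
        header = json.loads(fak_decrypt(self.family_key, blob))
        if not hmac.compare_digest(header["mac_vin"], mac_vin(self.family_key, self.vin)):
            raise ValueError("MAC(VIN) mismatch: play code issued for another vendor")
        if header["customer_seq"] <= self.last_customer_seq.get(card_id, -1):
            raise ValueError("stale customer sequence number: replayed play code")
        self.last_customer_seq[card_id] = header["customer_seq"]
        return header

    def play(self, card, media_id, blob):
        """Inner play code if the card still has plays left, else None."""
        header = self.open_play_code(card.card_id, blob)
        return bytes.fromhex(header["inner"]) if card.consume_play(media_id) else None

    def transfer_first_use(self, card_a, card_b, media_id, blob) -> bytes:
        """Section N: temp-N -> temp-N2 (vendor seq + 1) -> temp-N3 for card B."""
        header = self.open_play_code(card_a.card_id, blob)
        card_b.play_counts[media_id] = card_a.play_counts.pop(media_id, 0)
        return build_play_code(self.family_key, self.vin, header["session_id"],
                               bytes.fromhex(header["inner"]),
                               header["vendor_seq"] + 1, header["customer_seq"] + 1)
```

A replayed header (same customer sequence number), a header from another vendor family and a tampered header are each refused before any play count is touched.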

O. An advantage of this invention is to support lost and stolen media
ticket smart cards.



Customers will probably be allowed by most vendors to have two
media ticket smart cards both programmed with the same play codes and
play counts. This will allow legal use of encrypted media in two
places such as a home and a vehicle. If one media ticket smart card is
lost or stolen, the customer's encrypted media collection which may be
worth several thousand dollars is still accessible with the other spare

ticket smart card duplication process over the Web.

If a customer loses both matching media ticket smart cards
programmed for him, or one of a single issued media ticket smart card,
or a legal ownership dispute is decided by a court, a recovery process
is possible. A completely lost media ticket smart card (holding
encrypted play codes with header and encrypted play counts with header)
of purchased music or movies can be reported in to the media ticket
smart card system authorities who will de-activate the lost media
ticket smart card. They will issue a new media ticket smart card
replacement with a new customer public key/private key pair and
re-constructed encrypted play codes with header although exact values of
former play counts will not be recovered.

A completely stolen media ticket smart card reported as such can
be electronically deactivated by the media ticket smart card system
authorities who will de-activate the lost media ticket smart card.
They will issue a new media ticket smart card replacement with a new
customer public key/private key pair and re-construct encrypted play
codes although exact values of former play counts will not be
recovered.

P. An advantage of this invention is to support non-copyrighted
commercial material, home produced material, and previously recorded,
non-encrypted digital copyrighted material by allowing unlimited
unencrypted plays of the media.

This is accomplished by a by-pass switch in the cryptographic
digital signal processor (C-DSP) within the cryptographic media player
which will allow the cryptographic digital signal processor to skip
decryption and do regular digital decompression processing, for example
previously existing MPEG I Audio Layer 3 (MP3) decompression for
MP3 compressed music recordings or MPEG IV movie recordings.

Q. An advantage of this invention is to prevent use of this
strong cryptography system of software and hardware by terrorist forces
and countries which are enemies of the United States for military use
of Command, Control, Communications, Computers, and Coordination (CCCCC
or C Five).

This is accomplished for US jurisdiction vendors and US
jurisdiction users by licensed encryption and the legally required use
of key escrow of cryptographic keys placed into the hands of a minimum
of two neutral, licensed escrow second parties along with the legal
forcing of a pass-thru encrypted play code with header appended to the
encrypted digital data. With law enforcement obtainment of a court
order with 4th AMENDMENT "probable cause" of a crime or a FISA court
order for "national security" cases only, Federal, state, or local law
enforcement could get from the key escrow parties copies of key split
cryptographic keys. Media ticket smart cards will allow use of whole
cryptographic keys in a cryptographically secure container which is a
crypto-microprocessor with tamper resistant non-volatile electrically
erasable programmable read only memory (TNV-EEPROM) which cannot be
illegally copied. All legitimate cryptographic key copies should be
transferred from cryptographic hardware to cryptographic hardware or
from 'black' hardware to 'black' hardware with use of family key
(shared secret key) based pass-thru encryption over all "red" or
wiretapable buses and networks.

If suspected criminal activity occurs within US jurisdiction, law
enforcement can get a court order for a "cipher text (encrypted)"
wiretap or a legal wiretap of encrypted data sent over the internet
which can be stored for later decryption. This "cipher text
(encrypted)" wiretap can be decrypted at later dates by law enforcement
in case of an actual crime or in case of "probable cause" or FISA court
order of a criminal or terrorist action by obtaining appropriate key
split cryptographic keys held in key escrow by the licensed US vendor
who is a commercial, public key distribution authority (PuKDA). If the
central hub is in US jurisdiction, the public key distribution
authority (PuKDA) will be a licensed encryption vendor and will be
required by proposed US federal law to use the key escrow provisions.
The key escrow keys are used upon the appended pass-thru encrypted play
codes with headers to recover the session keys used to decrypt the
cipher text media. The standard commercial media intended by this
patent being hub centered in Hollywood, California using worldwide
downloaded commercial, digital music, commercial, digital movies, and
commercial, digital entertainment sold by legitimate and well known
media distribution companies. The media content cannot be restricted by
technology alone. A rogue nation may send any digital media using the
software and hardware. The media ticket smart card digital media data
under the proposed patented cryptographic protocols is useful for
military use because it can also only be sent openly over the internet
in strong cryptography form only one-way, from hub to spoke and not
from spoke to hub, used to dynamically distribute session keys for
two-way communications.

Hidden back-door cryptography key use also called an uneven or
non-linear key space for use with the hardware specified in this
invention is not advisable. An open hardware architecture with open 3rd
party fabrication and open academic and industry review precludes any
use of uneven or non-linear key spaces. Leaks of the hidden key would
quickly propagate through hacker Web sites and verbal leaks without
strong espionage laws for US Department Of Defense classified material
resulting in massive holes in the system.

(PROPOSED LEGISLATION) A Federal law licensing program for use of
strong cryptography within US jurisdiction with mandatory key escrow is
highly recommended limiting licensed access to trusted commercial
parties based upon establishing a legal environment of:

1). "legal record keeping" of signed, witnessed, and dated
hardcopy and electronic record keeping using digital signatures,
digital US Post-marked dates,

2). "legal complaint filing",

3). a "due process" type of internal legal review,
and "duly diligent" actions in resolving illegal issues
including contacting outside law enforcement and filing charges
for judicial action,

which legal environment includes compliance with 1). all Federal and
individual US state laws, 2). local municipal laws and city ordinances,
and 3). a lack of criminal history among management personnel.

(PROPOSED LEGISLATION) Federal jurisdiction established along
"virtual US borders" at the Federal, state, and local levels will allow
"electronic policing" of all cryptography from terrorist groups and
enemy nations coming into the United States over the global Internet.
Bandwidth bottlenecks can be avoided by optical hardware and special
cryptography tools. This "electronic virtual filtering" will be done
in order to enforce the proposed US legal requirement of licensed
encryption from licensed and trusted vendors of all cryptography on US
soil with key escrow provisions. All worldwide Internet traffic will
be controlled with US and foreign smart passport cards, US and foreign
smart driver's license cards, commercial media ticket smart cards,
commercial smart credit cards, etc. The use of smart cards will give
to all internet data the 12 legal attributes mentioned in the earlier
prior art section of this patent necessary for use in US, foreign, and
international courts of law. A proposed global electronic US postal
office is realizable giving electronic US Postal stamp information of
authentication (who) information, location from, digital US Postal
Stamps (where), routing from global IP addresses (where), US Postal GPS
digital GPS time stamps (when), with strong encrypted letter contents
under digital integrity checks (what - like digital ink watermarks),
and digital contents secrecy (what - like wax envelope seal). Court
ordered law enforcement traffic pattern surveillance will give the
telephone bill data of who, where, and when.

Media ticket smart card use inside or outside of the US in a
spoke receiving US licensed encryption from a US hub can only receive
data overseas from a trusted and licensed US source who will be
required under proposed US Federal law to use key escrow. A foreign
spoke using a media ticket smart card from a US hub will eventually
need to get virtual border clearance with that foreign nation. A
proposed legislation mutual cryptography cross-licensing trusted nation
to nation agreement can be negotiated.

Media ticket smart card use inside the US in a spoke receiving
data from an untrusted and unlicensed overseas hub in a foreign country
outside of US jurisdiction and without use of proposed cryptography
licensing and key escrow laws (or without a trusted nation to nation
cryptography cross-licensing agreement with the US) must be
electronically policed with "electronic borders." This situation will
give foreign nations and terrorists a chance to send strong encryption
into the US for military command, control, communications, computers,
and coordination (CCCCC or C Five). This unlicensed encryption from
unlicensed vendors in foreign countries (e.g. Iraq, Libya, North Korea,
PRC, Vietnam) with hubs outside of the US must be electronically
intercepted and monitored or blocked out at the "virtual US border."
Suspicious data IP packets from unlicensed overseas vendors or even
unlicensed US vendors (having no key escrow provisions) intercepted at
"electronic US borders" can be electronically filtered (e.g. optical
computers and special cryptography tools) and collected by law
enforcement (e.g. NSA, CIA, FBI, state troopers/highway patrol, local
police) with a court order for analysis of strong cryptography. Bear
in mind that any form of wiretapping without court supervision and US
Constitutional law establishes the power of a police state and was a
favored tool of the ex-Soviet secret police (KGB), ex-East German
secret police (GRU), Nazi secret civilian police (Gestapo), Nazi secret
military police (SS). The intercepted illegal packets which are not
digitally signed by a licensed US encryption vendor can be "flipped
out" with a court order. Bear in mind that key word electronic "blip
out" power without court supervision or US Constitutional law
exceptions to freedom of religion, freedom of speech, freedom of press,
freedom of expression, freedom of assembly, freedom of rightful
petition is the police state censoring power to cover-up or conceal the
TRUTH.

Allied nations such as the US and NATO with trusted
government relations can set up mutual cryptography cross-licensing
agreements with any other trusted country. In these agreements one
nation such as the US with a US licensed encryption hub restricted to
trusted vendors with licensed US key escrow will honor foreign state
department, foreign court ordered key escrow requests from a foreign
country in which a spoke of a media ticket smart card is in use. This
situation will occur in Hollywood movie distribution with the hub in
Hollywood, California and the spokes around the world. Cryptography
secret keys for US Copyrighted digital masters distributed worldwide
from US hubs will not be surrendered, but, the US will subpoena and
surrender to cross-licensed countries the split cryptography keys used
for terrorist activities and the illegal distribution of criminal types
of information used in racketeering activities (criminal businesses)
such as illegal gambling, narcotics distribution, international gang
activity, etc.

The mutual situation with the US will arise whereby for example a
trusted mutual cryptography cross-licensed nation such as the United
Kingdom (UK) having a UK hub with UK licensed key escrow will have a
spoke in the US in the form of a citizen/customer using a media ticket
smart card. Under the proposed nation to nation cryptography cross-
licensing agreements, the UK government will mutually honor US State
Department requested foreign key escrow requests from the US government
issued by US court order for the clearly illegal or criminal use of UK
issued media ticket smart cards in the US.

The goal of preventing terrorist and enemy country to the US use
of strong cryptography hardware and software of this invention for
foreign invasion and terrorist action in the US by military Command,
Control, Communications, Computers, and Coordination (CCCCC or C Five)
is blocked in US jurisdiction by:

1). stopping direct and illegal 3rd party sales of this
strong cryptography product to terrorist groups and enemy
countries based upon Federal licensing programs for strong
cryptography (PROPOSED LEGISLATION) for use entirely in the US or
use across US borders,

2). using the 12 legal attributes of cryptography and
smart passport cards, smart driver's licenses, smart credit
cards, smart debit cards, and media ticket smart cards to allow
"electronic US borders" for licensed encryption inside of the US
by trusted licensed vendors using mandatory key escrow
provisions,

3). (PROPOSED LEGISLATION) Establishing the US licensed
cryptography vendor program for trusted corporations with
mandatory key escrow,

4). (PROPOSED LEGISLATION) Establishing a mutual
cross-licensing program between the US and its trusted allies for
honoring court ordered key escrow requests from overseas and for
hubs or media servers in one country and spokes or customers in
another country.






(START CUT AND PASTE SECTION - RE-WORDED CLAIMS SECTION)

(NOTE TO PATENT EXAMINER: THIS CUT AND PASTE SECTION OF AMEND A:
DATED 12/2007, IS NOT 'NEW TECHNICAL MATERIAL' OF AMEND A, BUT, SIMPLY
VERBATIM EXCERPTED 1st OFFICE ACTION ORIGINAL CLAIMS, WHICH THE PATENT
EXAMINER LABELED AS 'TOO DETAILED AND VERBOSE' CLAIMS 29 - 65, MATERIAL
OF THE ORIGINAL PATENT APPLICATION NO. 10/755,624 DATED 07/06/2004,
FOLLOWING THE PATENT EXAMINER'S RECOMMENDATION OF MAKING THIS ORIGINAL
CLAIMS MATERIAL AS REALLY BELONGING IN THE NEW TECHNICAL MATERIAL
SECTION, AND THUS THE ORIGINAL CLAIMS MATERIAL WAS SIMPLY MOVED OVER IN
THIS AMENDMENT A DOCUMENT, FROM THE CLAIMS SECTION TO THE TECHNICAL
MATERIAL SECTION, BEING MORE IN COMPLIANCE TO THE PATENT EXAMINER'S
OBJECTION OF HIS 1st OFFICE ACTION LETTER: DATED 09/12/2007. THE ONLY
CHANGE OCCURRING FROM THE ORIGINAL PATENT CLAIMS TO HERE, HAS BEEN THE
PRESENT APPLICANT'S REMOVAL OF THE USPTO MPEP RULE FORBIDDEN, LEGAL
CLAIMS WORDING USED IN THE NEW TECHNICAL MATERIAL SECTION, BY ONLY
CHANGING "PROVIDING OF" TO "PROCESS STEP NN USES THE COMPONENT OF:".)


Process steps description of only one embodiment of the present
strong cryptography commercial architecture invention (somewhat
correlating with the following legal claims forms, which alone
determine the legal scope claims coverage of the present invention, the
new technical material simply acting as a dictionary for the legal
claims terms):

The following technical material of the invention is an
engineering process model numbered process steps 29 - 65, showing
actual workable in real-life cryptographic processing of cryptographic
hardware and cryptographic operating system (OS) software
system components, in the new art strong cryptographic system of this
present invention's cryptographic PROCESS STEPS:

PROCESS STEP 29. A specific method of or process for doing public key
cryptography over an open systems networking architecture in a totally
cryptographically secure manner meant for safeguarding multi-million
dollar digital masters which open systems network architecture includes
existing prior art components integrated into a specific new invention
system process of or methods patent of public key cryptography
comprising of the steps of:

providing of process step 29 uses the component of: prior art, a
tamper-resistant non-volatile electrically erasable programmable
read-only memory (TNV-EEPROM) which can be in an external dedicated
chip and also in an on-chip micro-controller design, which is used to
hold embedded, brief in length, cryptographic computer programs,
cryptographic system keys with first example cryptographic keys being
family keys or shared secret keys, second example cryptographic keys
being cryptographic private keys, third example cryptographic keys
being secret keys, fourth example cryptographic keys being session
keys, and fifth example cryptographic keys being cryptographic public
keys,

providing of process step 29 uses the component of: prior art, an
electrically erasable programmable read-only memory (EEPROM) which
can come in a larger dedicated chip and also in an on-chip micro-
controller design, used to hold non-secure computer programs
(firmware) which are usually stored on separate and dedicated EEPROM
memory chips which are connected to the digital computer processor
through an input-output (I/O) bus with an on-processor instruction
cache usually made of two layers: an L1 cache of faster, static RAM,
and an L2 cache of very fast, associative memory or on-chip banked
registers used to locally hold pages of operational codes (op codes)
for fast execution,

providing of process step 29 uses the component of: a static random
access memory (SRAM) which can come in a larger dedicated chip and
also in an on-chip micro-controller design with an on-chip input-
output (I/O) bus with SRAM preferred over DRAM on-chip for faster
speed and no need of a memory refresh cycle at the cost of one-fourth
less bit density, for faster temporary storage of dynamic data which
is usually in the form of separate and dedicated SRAM memory chips
which are connected to the digital computer processor through an
input-output (I/O) bus with an on-processor data cache of one or more
levels (L1 cache being SRAM and L2 cache being associative memory or
registers) used to locally hold pages of dynamic computer data for
fast data cache access,
providing of process step 29 uses the component of: prior art, a
dynamic random access memory (DRAM) which can come in a larger
dedicated chip and also in an on-chip micro-controller design using
an on-chip input-output (I/O) bus with on-chip SRAM preferred over
DRAM in micro-controllers for faster speed and no memory refresh
cycle, with the latest example of fast DRAM being duo-data rate,
synchronous dynamic random access memory (DDR-SDRAM) which can hold
either operational codes (for non-firmware based computer programs)
or dynamic data (especially large arrays and large chunks of data
such as video 'frame buffers'), with the DRAM being an acknowledged
bottle-neck on the central processor unit (CPU) bus with another
greater bottle-neck being the transfer of digital data over the
peripheral device or input-output (I/O) bus and its much slower often
electro-mechanical input-output (I/O) devices,

providing of process step 29 uses the component of: prior art, a
low-cost, low-throughput, cryptographic embedded micro-controller (c-
uCtlr) with scalar control operations, slow fixed-point arithmetic
processing, and very slow, floating point interpreter based floating
point processing (lacking a hardware floating point unit (FPU)), as
used in a prior art, 8-bit, single chip solution, micro-controller
based, smart card as widely used in Europe for over twenty years with
universal success over-coming all forms of human abuse and adverse
weather conditions, with said tamper resistant non-volatile memory,
random access memory (TNV-EEPROM), holding both cryptographic keys
and very limited amounts of embedded secure cryptographic algorithm
firmware for the entirely on-chip execution of cryptographic
algorithms (secret key encryption-decryption, public key encryption-
decryption, message digest ciphers (MDC's), message authentication
ciphers (MAC's)), furthermore, possessing an on-chip input-output
(I/O) bus in a micro-controller architecture with on-chip limited,
static random access memory (SRAM) for fast dynamic data storage, and
on-chip limited electrically erasable programmable read only memory
(EEPROM) for computer firmware program storage, furthermore,
possessing a wiretapable ('red') smart card serial data bus to the
external world which is used for initial unique customer access code
communications from a digital computer into the smart card to
activate it, and then is subsequently used for reverse direction
communications of internal smart card secure memory values
representing cash to debit and also accounting access counts used in
pass-thru encryption to transfer encrypted ('cipher-text') data from
the cryptographic micro-processor (c-uP) inside the smart card to a
smart card reader and pass-by processing proceeding to a digital
computer which must do pass-thru decryption and pass-thru encryption
for the return closed feed-back response communications exchange of
possibly debited monetary values or incremented access counts needing
secure storage in the smart card,

providing of process step 29 uses the component of: prior art, the
smart card used for media ticket applications containing tamper
resistant, non-volatile memory (TNV-EEPROM) for key storage as part
of cryptographic embedded micro-processors (c-uP's) or micro-
controllers (c-uCTLR's),
providing of process step 29 uses the component of: prior art,
serial data computer communications interfaces such as a personal
computer (PC) based, serial bus connected (e.g. Universal Serial Bus
or USB bus, and the faster and longer distance but more expensive,
IEEE 1394 serial bus ('Firewire bus')), used to connect a personal
computer (PC) to a digitized human fingerprint reader and for other
computer peripheral purposes,

providing of process step 29 uses the component of: prior art, a smart card reader means involving several invention processes which simply reads the customer inserted smart card's pass-thru encrypted data and passes it over wiretapable ('red') buses to the digital computer, furthermore, a first example form of smart card reader means has physical metallic contacts with a power pin used to re-charge any smart card internal battery from an additional AC power line going into the smart card reader and suitable voltage conversion and regulation electronics, furthermore, a second example smart card reader means serves a popular class of prior art smart cards which have an optical interface which lacks any form of smart card battery re-charging capability but has improved durability, a third example smart card reader is a prior art, integrated smart card reader with bio-ID digitized fingerprint reader, furthermore, the smart card reader is a dumb and inexpensive computer serial data bus device (it forwards the card's ciphertext unchanged, so everything on its cable is observable) with a first example serial communications interface being a prior art serial data bus given as a universal serial bus (USB) providing a maximum of 12 Mega bits/second data transfer (USB 1.1 full speed) over a maximum cable length of 5 meters (about 16 feet), which has no local area networking (LAN) interfaces which must be provided by the attached digital computer, a second example serial communications interface being a prior art IEEE 1394 ('Firewire') serial data bus which transfers a maximum of 400 Mega bits/second (IEEE 1394a) over a cable segment of up to a maximum of 4.5 meters (about 15 feet),

providing of process step 29 uses the component of: prior art, biological-identification (bio-ID) reader means which attach to personal computers (PC's) using a low-cost serial data bus such as a universal serial data bus (USB bus) with a first example bio-ID reader means being a smart card reader with piggy-backed, integrated, digitized fingerprint bio-identification (bio-ID) reader for very customer convenient use, with an example customer use of a low security and unattended by a 'warm-blooded' authorized gate-keeper, bio-ID means of 'warm-blooded' index finger insertion into a digitized fingerprint reader and smart card insertion at the same time, a second example bio-ID reader means is a prior art smart card reader with external AC power supply and power conversion and regulation transformers along with piggy-backed 'warm-blooded' iris scan reader digital video-camera electronics, which said iris scan reader is attached by IEEE 1394 ('Firewire') digital cable to a digital video camera,

providing of process step 29 uses the component of: prior art, an internet protocol (IP) wide area network (IP WAN),

providing of process step 29 uses the component of: prior art, a world wide web server (WWW) or web or graphics rich portion of the Internet web server computer,

providing of process step 29 uses the component of: prior art, a personal computer (PC), which is non-cryptographically secure,

providing of process step 29 uses the component of: prior art, a personal computer (PC) web client,

providing of process step 29 uses the component of: prior art, personal computer (PC) peripherals,

providing of process step 29 uses the component of: prior art, a data entry device of an on-board protected electronic device toggle field with a prior art liquid crystal display (LCD) for entry of the unique customer passphrase with closely corresponding passcode entry,

providing of process step 29 uses the component of: prior art, a data entry device of computer keyboards used for unique customer password and passphrase-passcode entry with wiretapable ('red bus') computer keyboard buses vulnerable to the known prior art hacker tools of both software and hardware based keyboard capture buffers (keystroke loggers),

providing of process step 29 uses the component of: prior art, a banked-EEPROM card reader-writer connected by a prior art serial bus, with a first example serial bus being the Universal Serial Bus (R) (USB bus) connected banked non-volatile memory chip card reader-writer serial bus interface unit to an electronic device, with a first example banked non-volatile memory chip card unit which inserts into the reader being a banked, electrically erasable programmable read only memory (banked-EEPROM) card unit (e.g. SanDisk (R) card, or SD (R) card), and a second example banked non-volatile memory chip card unit being a single, large chip tamper-resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) (e.g. Memory Stick (R) chip),

providing of process step 29 uses the component of: prior art, a personal computer's (PC's) peripheral data storage devices such as hard disk drives (HDD's), compact disk (CD) record once (CD-R (R)) drives, compact disk read-write (CD-RW (R)) drives which all offer 'backwards compatible' CD media which can be used in read-only modes compatible with older, existing read-only CD drives (CD), also writable digital versatile disk (DVD) drives (e.g. DVD+RW (R), DVD-RW (R), DVD-RAM (R)) which all offer 'backwards compatible' media which can be used in read-only modes compatible with older, existing read-only DVD drives (DVD-ROM),

providing of process step 29 uses the component of: prior art, a personal computer's (PC's) based peripheral data storage media units (e.g. back-up devices, video devices, fast floppy drives (e.g. Iomega (R) Zip (R) drives), removable hard disk drives (removable HDD) (e.g. Iomega Jaz (R) drives)),

providing of process step 29 uses the component of: prior art, a cryptographic digital signal processor (C-DSP) means designed for low-cost, very fast digital processing of fixed-point number arrays or arrays of fixed radix numbers having limited necessary precision typically less than 32-bits arranged in matrix arrays (32-bit integers with an assumed radix point which cannot move, as popularly used in the Texas Instruments (TI) TMS320 DSP and also the AT&T DSP-1, with major DSP features being an accumulator based design with arithmetic rounding, and programming-time programmable firmware libraries supporting flexible digital signal processing for different applications, furthermore, giving fast scalar control processing without a need for floating point operation re-normalization based upon exponents, with a floating point interpreter for limited floating point operations involving floating point number formats with exponents), furthermore, also having additional silicon compiler designed components of embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), with a first example cryptographic digital signal processor (C-DSP) means being a standard DSP combined with the silicon compiler functions of the prior art, US National Institute of Standards and Technology (NIST) Clipper chip, being the Skipjack secret key algorithm as implemented in a silicon compiler with on-chip tamper resistant non-volatile memory (TNV-EEPROM) sub-circuit, single integrated circuit ('single chip IC solution') design giving stream cipher and block cipher encryption and decryption functions (additionally used in the prior art Capstone program using a plug-in PC Card (R) format once called PCMCIA having an embedded Clipper ASIC chip, comparable to a prior art smart card program), which programs and standards were both based upon the dedicated, custom designed ASIC hardware integrated circuit (IC) implementation of the National Security Agency (NSA) developed, classified Clipper chip using the Skipjack secret key algorithm, a second example cryptographic digital signal processor (C-DSP) means being standard digital signal processing (DSP) functions combined with silicon compiler functions implementing the Chandra patent (US Patent Number 4,817,140 issued on March 28, 1989 and assigned to IBM Corporation), and a third example cryptographic digital signal processor (C-DSP) means being numerous other US Patents and also public art, non-patented technical literature,

providing of process step 29 uses the component of: prior art, a cryptographic digital signal processor (C-DSP) means intended for very fast processing of large fixed-point arrays of fixed-point or fixed radix numbers as shown in the prior art Texas Instruments (TI) TMS320 DSP and also the AT&T DSP-1, additionally containing a cryptographic hardware secret key algorithm sub-processor, tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), random access memory (RAM), analog to digital signal converters (ADC), Moving Picture Experts Group standards X (MPEG X) hardware decompression only circuitry for digital audio/video, digital audio/video signal artificial degradation circuitry, digital to analog signal converters, and digital signal processing of digital audio/video signals circuitry,

providing of process step 29 uses the component of: new art, cryptographic digital signal processor (C-DSP) means designed for low-cost, very fast digital processing of fixed-point number arrays as shown in the prior art, popularly used Texas Instruments TMS320 DSP and also the AT&T DSP-1, furthermore, having additional silicon compiler designed components adding embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM) for secure cryptographic key storage, along with both tamper resistant to pin-probers, and cryptographically protected, on-chip firmware implemented new art, byte-oriented secret key algorithm based secret key encryption and decryption for both stream oriented and block oriented encryption and decryption processes, with on-chip hardware and firmware library support for both secret key and public key algorithms such as an electronic true random number generator, an on-chip hardware floating point unit (FPU) for processing large blocks of secret key encrypted and decrypted data using newer, year 2003 firmware based, byte oriented secret key algorithms such as Advanced Encryption Standard (AES), an extremely large integer to an extremely large integer exponentiation unit using the binary square and multiply method commonly used in public key cryptography, with additional on-chip silicon compiler designed hardware support for digital decompression (read-only) algorithms, with additional on-chip silicon compiler support for digital compression algorithms, with additional on-chip silicon compiler support for forward error detection and correction coding (e.g. Reed-Solomon or RS coding) done in the encoding process sequential order of digitally compress, error correct, and encrypt, with decoding done in the exact opposite sequential process order, with a first example C-DSP means being discussed broadly in the present inventor's present patent's technical material which is not subject to this present over-all system's or method's patent application which uses such a device as a provided hardware component,
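The binary square-and-multiply exponentiation that the exponentiation unit above performs, as an added worked example (not code from the patent): a left-to-right square-and-multiply routine beside a Montgomery-ladder variant, both checked against Python's built-in pow(). The toy RSA modulus built from the two small constructed primes is for illustration only, far below any real key size. The operation trace each routine can record shows the practitioner's caveat for a hardware exponentiation unit: plain square-and-multiply performs a multiply only for the 1-bits of the private exponent, so its timing or power profile reveals the exponent, whereas the ladder performs the same multiply and square for every bit (Python's big-integer arithmetic is not itself constant time; the example shows the uniform operation sequence, not a constant-time implementation).

```python
"""Added example: square-and-multiply modular exponentiation as used by a public key
exponentiation unit, plus a Montgomery ladder with a uniform operation sequence.
Not code from the patent; the primes below are small constructed test values."""


def square_and_multiply(base, exp, mod, trace=None):
    """Left-to-right binary exponentiation: square for every bit, multiply on 1-bits only.
    If trace is a list, 'S' / 'M' is appended per squaring / multiplication."""
    result = 1
    base %= mod
    for bit in bin(exp)[2:]:
        result = result * result % mod
        if trace is not None:
            trace.append("S")
        if bit == "1":
            result = result * base % mod
            if trace is not None:
                trace.append("M")
    return result


def montgomery_ladder(base, exp, mod, trace=None):
    """Same result, but one multiplication and one squaring per bit whatever its value,
    so the operation sequence does not depend on the (secret) exponent."""
    r0, r1 = 1, base % mod          # invariant: r1 == r0 * base (mod mod)
    for bit in bin(exp)[2:]:
        if bit == "0":
            r1 = r0 * r1 % mod
            r0 = r0 * r0 % mod
        else:
            r0 = r0 * r1 % mod
            r1 = r1 * r1 % mod
        if trace is not None:
            trace.extend(["M", "S"])
    return r0


# Constructed toy RSA parameters (primes far too small for real use).
P, Q = 1_000_003, 1_000_033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (modular inverse, Python 3.8+)


def rsa_roundtrip(message):
    """Public-key encrypt with square-and-multiply, private-key decrypt with the ladder."""
    ciphertext = square_and_multiply(message, E, N)
    recovered = montgomery_ladder(ciphertext, D, N)
    return ciphertext, recovered


def multiply_counts(exp):
    """Multiplications each method performs for exp: the first equals the number of
    1-bits (leaks the exponent's Hamming weight), the second is fixed by the bit length."""
    t1, t2 = [], []
    square_and_multiply(3, exp, N, t1)
    montgomery_ladder(3, exp, N, t2)
    return t1.count("M"), t2.count("M")


if __name__ == "__main__":
    c, m = rsa_roundtrip(123456789)
    print("ciphertext", c, "recovered", m)
    print("multiplies for exponent 0b1011 (square-and-multiply, ladder):", multiply_counts(0b1011))
```

The trace comparison is the whole point for a tamper-protected chip: protecting the key memory against probing does little if the exponentiation unit's power trace spells out the private exponent one bit at a time.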

providing of process step 29 uses the component of: new art, a programmable gate array logic (GAL) form of high density, application specific integrated circuit (ASIC) with embedded cryptographic digital signal processor (C-DSP) means functions as mentioned in the paragraph just above,

providing of process step 29 uses the component of: new art, a cryptographic digital signal processor (C-DSP) means designed for very fast execution of fixed-point number arrays such as the popular Texas Instruments TMS320 and also the AT&T DSP-1, furthermore, having additional silicon compiler based embedded, prior art cryptographic hardware secret key algorithm sub-processors based upon prior art, standardized secret key algorithms with an example algorithm being given as IBM's patented Data Encryption Standard (DES), with on-chip firmware support, an on-chip hardware floating point unit (FPU) for processing large blocks of secret key encrypted and decrypted data using newer, year 2003 firmware based, byte oriented secret key algorithms such as Advanced Encryption Standard (AES), an extremely large integer to an extremely large integer exponentiation unit using the binary square and multiply method commonly used in public key cryptography, with additional on-chip silicon compiler designed hardware support for digital decompression (read-only) algorithms, with additional on-chip silicon compiler support for digital compression algorithms, with additional on-chip silicon compiler support for forward error detection and correction coding (e.g. Reed-Solomon or RS coding) done in the encoding process sequential order of digitally compress, error correct, and encrypt, with decoding done in the exact opposite sequential process order, which in turn are silicon compiler design embedded hardware sub-units inside of said prior art cryptographic digital signal processors (C-DSP's),
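The encode order the two C-DSP paragraphs above give (compress, error correct, encrypt, undone in reverse) differs from the order the C-CPU paragraph further down gives (compress, encrypt, then add error detection bits). The following added example (an illustration, not the patent's code) runs both orders through a small pipeline: zlib compression, a constructed 8-byte Feistel block cipher in CBC mode standing in for the hardware secret key block cipher, and a Hamming(7,4) code standing in for Reed-Solomon. Both orders round-trip over a clean channel; with one flipped bit on the channel, only the order with the error-correcting code outermost recovers the media, because decrypting a damaged block of a chained block cipher garbles that whole block (and flips one bit of the next) before the corrector ever sees it, which is more than a single-error code can repair. All keys, IVs and media bytes are constructed test values.

```python
"""Added example: ordering of compress / encrypt / forward-error-correct stages and
why the FEC stage belongs outermost. Not the patent's code; the block cipher is a
constructed toy Feistel network and the key, IV and media are constructed test values."""
import hashlib
import zlib


def hamming74_encode(data):
    """Each nibble -> one byte holding a 7-bit Hamming(7,4) codeword (bit k = position k+1)."""
    out = bytearray()
    for byte in data:
        for nib in (byte >> 4, byte & 0xF):
            d1, d2, d3, d4 = (nib >> 3) & 1, (nib >> 2) & 1, (nib >> 1) & 1, nib & 1
            p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
            bits = [p1, p2, d1, p3, d2, d3, d4]           # positions 1..7
            out.append(sum(b << k for k, b in enumerate(bits)))
    return bytes(out)


def hamming74_decode(coded):
    """Corrects at most one flipped bit per codeword; returns (data, corrections made)."""
    out, fixed = bytearray(), 0
    for i in range(0, len(coded), 2):
        nibbles = []
        for cw in coded[i:i + 2]:
            bits = [(cw >> k) & 1 for k in range(7)]
            syndrome = 0
            for pos in range(1, 8):                       # XOR of set positions = error position
                if bits[pos - 1]:
                    syndrome ^= pos
            if syndrome:
                bits[syndrome - 1] ^= 1
                fixed += 1
            p1, p2, d1, p3, d2, d3, d4 = bits
            nibbles.append(d1 << 3 | d2 << 2 | d3 << 1 | d4)
        out.append(nibbles[0] << 4 | nibbles[1])
    return bytes(out), fixed


def _feistel(key, block, decrypt):
    """Toy 8-byte, 4-round Feistel block cipher (SHA-256 round function). Illustration only."""
    left, right = block[:4], block[4:]
    for rnd in (range(3, -1, -1) if decrypt else range(4)):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left


def cbc(key, iv, data, decrypt=False):
    """CBC chaining: a damaged ciphertext block garbles its own plaintext block and flips one
    bit of the next block, which is what defeats an inner single-error corrector."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), 8):
        blk = data[i:i + 8]
        if decrypt:
            out += bytes(a ^ b for a, b in zip(_feistel(key, blk, True), prev))
            prev = blk
        else:
            prev = _feistel(key, bytes(a ^ b for a, b in zip(blk, prev)), False)
            out += prev
    return bytes(out)


def _pad(b):
    n = 8 - len(b) % 8
    return b + bytes([n]) * n


def _unpad(b):
    n = b[-1]
    if not 1 <= n <= 8 or b[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return b[:-n]


FEC_OUTER = ("compress", "encrypt", "fec")   # FEC applied last on send, removed first on receive
ENC_OUTER = ("compress", "fec", "encrypt")   # encryption applied last


def encode(order, key, iv, media):
    steps = {"compress": zlib.compress,
             "encrypt": lambda b: cbc(key, iv, _pad(b)),
             "fec": hamming74_encode}
    for step in order:
        media = steps[step](media)
    return media


def decode(order, key, iv, wire):
    """Undo the stages in exact reverse order; None if the data can no longer be recovered."""
    steps = {"compress": zlib.decompress,
             "encrypt": lambda b: _unpad(cbc(key, iv, b, True)),
             "fec": lambda b: hamming74_decode(b)[0]}
    try:
        for step in reversed(order):
            wire = steps[step](wire)
        return wire
    except (zlib.error, ValueError, IndexError):
        return None


def transmit_with_bit_error(order, key, iv, media, byte_index, bit):
    """Encode, flip one bit on the channel, decode."""
    wire = bytearray(encode(order, key, iv, media))
    wire[byte_index] ^= 1 << bit
    return decode(order, key, iv, bytes(wire))


# Constructed test values.
KEY, IV = b"constructed-key!", b"ctr-iv!!"
MEDIA = b"".join(b"constructed media frame %03d\n" % i for i in range(64))
```

Run transmit_with_bit_error with the two orders and the same flipped bit: FEC_OUTER returns MEDIA, ENC_OUTER returns None or garbage. With a stream cipher in place of the chained block cipher the inner-FEC order would survive a single flip too, but it still has to decrypt before it can correct, and any burst the channel produces lands on the corrector unfiltered, so the outermost position is the safe default for the error-correcting stage.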

providing of process step 29 uses the component of: prior art, a cryptographic micro-processor (c-uP) or a central processing unit (CPU) such as an Intel Pentium (R) CPU with a control unit, and also with an integrated fast hardware floating point unit (FPU), integrated memory management unit (MMU), integrated instruction and data cache unit, integrated bus interface unit (BIU), and additional proposed subset functionality of a C-DSP means including integrated tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), all on a single chip, which has impedance monitored inter-metallic deposition layers protecting the entire chip from illegal pin probers used by hackers targeting the on-chip architecture including the protected ('black') on-chip buses, and also for protecting the entire chip from wiretapping pin probers used to illegally read cryptographic keys stored on the on-chip said embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), with the main anti-tamper means being the automatic on-chip erasure of cryptographic memory (TNV-EEPROM) holding all cryptographic keys upon the fully automatic detection of any signs of chip tampering,
providing of process step 29 uses the component of: new art, a cryptographic micro-processor computing based unit (C-uP), also having a subset of cryptographic digital signal processing (C-DSP) means, having much more on-chip hardware floating point (FPU) throughput capacity than the C-DSP chip and a more powerful memory management unit (MMU) capability, while having subset security functionality of the cryptographic digital signal processor unit (C-DSP) means, being on-chip tamper resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) or cryptographic memory for both cryptographic key storage and cryptographic algorithm firmware storage, automatic on-chip impedance monitoring of a whole chip inter-metallic layer with automatic erasure of cryptographic memory upon tamper detection, silicon compiler library designed on-chip functions with automatic placement and routing, on-chip support for read-only commercial players using an embedded C-CPU of a tamper protected error detection or correction unit (e.g. Reed-Solomon unit), on-chip support for read-only commercial players using an embedded C-CPU of a tamper protected ('black unit'), embedded secret key decryption sub-unit which supports both dedicated hardware and dedicated firmware secret key decryption of play-back mode only, uniquely secret key encrypted commercial media, on-chip tamper protected digital de-compression only support in play-back only mode for standard form digital media (e.g. MP3 being discrete cosine transform (DCT) based, MPEG X being discrete cosine transform (DCT) based, fast wavelet transform (FWT) audio-video being convolutional coding based, JPEG being discrete cosine transform (DCT) based, JPEG 2000 being fast wavelet transform (FWT) or convolutional coding based, Fraunhofer Institute of Germany's fast wavelet transform (FWT) audio (R) convolutional coding, AAC (R) brand convolutional coding) widely used in commercial media players, with more general bi-directional use in crypto-cell phones and crypto-hand-held computers for similar on-chip support respecting relevant process sequential orders being digitally compress media, encrypt media, error detection bits added, which must be undone in cryptography in the exact reverse sequential order, for the hardware and firmware based encryption and decryption of digital media data, but without current on-chip support for encrypted operation codes (c-op codes) usable in the future for cryptographic computer programs and cryptographic multi-media programs, with a first example C-CPU means being discussed in the present inventor's present invention,

providing of process step 29 uses the component of: new art, a non-cryptographic media player (MP) based upon prior art, non-cryptographic digital signal processor (DSP) means with starting functionality of the popular Texas Instruments TMS320 DSP, constructed with serial bus connections to customer insertable and removable prior art smart card reader-writer unit interfaces, and a read-only drive unit for standard physical format digital media which is very similar in computer architecture to prior art electronic-book readers which have a built-in, very small, liquid crystal display (LCD), and are similar in physical form to non-cryptographic compact disk players,

providing of process step 29 uses the component of: new art, a cryptographic media player (c-MP) constructed with said prior art cryptographic digital signal processor (C-DSP) means having serial bus connections to customer insertable and removable prior art smart card reader-writer unit interfaces, and also having a read-only drive unit for standard media with a first example read-only media means being compact disk record once (CD-R), a second example read-only media means being compact disk read-write (CD-RW), a third example read-only media means being banked non-volatile memory card (banked EEPROM), and a fourth example read-only media means being digital versatile disk record once (DVD-R),

providing of process step 29 uses the component of: new art, a cryptographic personal computer (c-PC) which is created by using new art, said cryptographic digital signal processor (C-DSP) means based plug-in, peripheral or contention bus or input-output bus (I/O bus) cards for prior art personal computers (PC's), with the peripheral bus giving an interface to the motherboard's said cryptographic central processing unit (C-CPU) which in turn has a Universal Serial Bus (USB) interface to a USB based smart card reader,

providing of process step 29 uses the component of: new art, a cryptographic personal computer (c-PC) having a subset functionality of C-DSP means, which is created by using a prior art, standard off-the-shelf personal computer (PC) design with a cryptographic central processing unit (C-CPU) with the goal of creating an internal secure bus hardware or 'black bus' computer architecture system also having insecure hardware bus or 'red bus' or open wiretapable buses, which furthermore requires a new art, cryptographic operating system (C-OS),
providing of process step 29 uses the component of: new art, a cryptographic media player (c-MP) for playing back custom secret key encrypted, compressed digital audio-video in standard format with a first example compressed digital audio-video being given as prior art Moving Picture Experts Group Standards X (MPEG X) and a second example compressed digital audio-video being given as prior art fast wavelet audio-video digital compression also called convolutional coding, furthermore, said player contains embedded cryptographic computing units (C-CPU's) with serial bus interfaces to built-in, prior art smart card reader units, and also having built-in, prior art input/output (I/O) peripheral bus connected, computer industry standard peripheral data storage drives with a first example drive being a compact disk read only (CD) drive which reads compact disk record once format (CD-R),

providing of process step 29 uses the component of: new art, a universal cryptographic set-top box form of media players (c-MP's) for playing back custom secret key encrypted high definition television (HDTV) broadcasts and standard definition television (SDTV) broadcasts, as well as for playing custom secret key encrypted cable channel programming, as well as for playing custom secret key encrypted satellite television programming, which are based upon a more powerful cryptographic media player computer architecture (c-MP),

providing of process step 29 uses the component of: new art, a cryptographic micro-mirror module (c-MMM) commercial theater projection and theater sound units which are special cryptographic media players which use prior art, more than one drive, digital versatile disk read only (DVD) drive units which also read digital versatile disk record (DVD-X) formats, furthermore, the DVD-X disks contain custom encrypted compressed digital media which can be decrypted only with a corresponding, unique smart card programmed in a prior art, standard personal computer (PC) over the wiretapable ('red bus') Internet as a special media ticket smart card using the methods of the present inventor's patent,

providing of process step 29 uses the component of: prior art, a modified secure operating system (secure-OS) for world wide web (WWW) server computers which will custom customer session key encrypt a vendor secret key encrypted digital master, and electronically distribute custom encrypted digital media masters, using firewalls, using anti-viral software updated weekly, using network protocol converters, using standard layered security methods, and using 'inner sanctum' protection for vendor session key or one-time secret key encrypted digital media masters,

providing of process step 29 uses the component of: prior art, a world wide web (WWW) transmission control protocol-internet protocol (TCP-IP) command protocol stack program for Internet connectivity,

providing of process step 29 uses the component of: prior art, standard, a plurality of cryptographic mathematics algorithms,

providing of process step 29 uses the component of: prior art, a plurality of public key cryptography algorithms which create public keys and private keys,

providing of process step 29 uses the component of: prior art, a plurality of secret key cryptography algorithms which create secret keys and session keys (1-time secret keys) and also play counts or access counts or media decryption counts and play codes (session keys or 1-time secret keys),

providing of process step 29 uses the component of: prior art, a plurality of hybrid key cryptography algorithms which are combined public key and secret key cryptography algorithms (prior art),

providing of process step 29 uses the component of: prior art, a plurality of private key and secret key splitting algorithms,

providing of process step 29 uses the component of: prior art, a plurality of private key and secret key escrow techniques,

providing of process step 29 uses the component of: prior art, a plurality of algorithms used to generate cryptographic keys which are the collective public keys, private keys, secret keys, session keys (1-time use only secret keys), play counts, play codes, passphrases-passcodes,

providing of process step 29 uses the component of: prior art, a plurality of computer cryptography protocols,

providing of process step 29 uses the component of: prior art, a plurality of pass-thru encryption algorithms for transmitting secure data over wiretapable computer buses ('red buses'),

providing of process step 29 uses the component of: prior art, standardized form, a plurality of lossy compressed digital media algorithms with a first example algorithm being given as MPEG X (R) based upon a SVGA (R) video format and also newer, higher resolution video formats, a second example algorithm being given as MP3 (R) based upon pulse code modulated (PCM) audio sound only, a third example algorithm being given as JPEG X (R) for still color photography only with JPEG being discrete cosine transform (DCT) based and JPEG 2000 being fast wavelet transform (FWT) compression based, a fourth example algorithm being given as fast wavelet transform (FWT) audio-video, a fifth example algorithm being given as proprietary Advanced Audio Codec (R) (AAC (R)) using a DCT algorithm variant, a sixth example algorithm being given as Fraunhofer Institute of Germany's fast wavelet transform (FWT) audio (R), who are the original international patentees for convolutional coding based lossy digital compression,

providing of process step 29 uses the component of: prior art, a transmission control protocol/internet protocol (TCP/IP) for Internet connectivity,

providing of process step 29 uses the component of: prior art, a secure internet protocol layer (secure IP layer) layer of Internet data encryption,

providing of process step 29 uses the component of: prior art, a secure sockets layer (SSL) layer of Internet data encryption,

providing of process step 29 uses the component of: prior art, a plurality of world wide web (WWW) server standard interchange file languages with a first example protocol being hyper-text mark-up language (HTML), a second example protocol being extensible mark-up language (XHTML or XML), and a third example protocol being generalized-text mark-up language (GTML),

providing of process step 29 uses the component of: a plurality of world wide web (WWW) client standard interchange file languages with a first example being hyper-text mark-up language (HTML),

generating of a set of common system keys which is the process done by the media ticket smart card system authority's, party S's, dedicated public key generation authority, party G, using provided prior art said public key and secret key cryptography algorithms to generate system cryptographic keys, while having absolutely no access to any vendor identifications, furthermore, the sub-process of embedding of generated said common system keys into each and every provided cryptographic digital signal processor (C-DSP) means, furthermore, embedding said common system keys into each and every provided smart card,

generating of a set of unique per vendor, commonly distributed only in provided tamper resistant hardware, media distribution vendor cryptographic keys eventually used in a prior art, provided cryptographic digital signal processor (C-DSP) means involving several processes with a first example prior art, provided cryptographic digital signal processor (C-DSP) means being the US National Institute of Standards and Technology's Clipper-Capstone chip with embedded tamper resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM), and a second example provided cryptographic digital signal processor (C-DSP) means being a prior art digital signal processor having a silicon compiler designed equivalent of the former's functions (C-DSP) means with added silicon compiler functions for prior art algorithm means for subsequent customer uses of digital signal compression audio-video digital compression means involving several processes and components with a first example audio-video digital compression means involving several processes being given as prior art Moving Picture Experts Group standards X (MPEG X), a second example audio-video digital compression means being given as prior art fast wavelet audio-video compression or convolutional coding compression, a third example audio only digital compression means being given as prior art MPEG I audio layer 3 (MP3), and a fourth example audio only digital compression means being given as prior art fast wavelet audio only compression (AAC (R)), furthermore, with subsequent customer uses of a prior art pass-thru encryption means involving several processes and components which are used to transfer said unique customer cryptographic keys over wiretapable or open computer buses ('red buses') with a first example pass-thru encryption means given as common family key, secret key encryption, a second example pass-thru encryption means given as common family key encryption of an index to the unique active vendor which references a pre-embedded, common look-up table of unique vendor public keys followed by the relevant vendor public key encrypted data which is received on the other end of the computer bus by family key decryption of the vendor index to the same pre-embedded, common look-up table of unique vendor public keys followed by relevant vendor private key decryption of the received data block, and a third example pass-thru encryption means being a family key encryption of an index to the unique active vendor which references a pre-embedded, common look-up table of unique vendor secret keys followed by the relevant vendor secret key encrypted data which is received on the other end of the computer bus by family key decryption of the vendor index to the same pre-embedded, common look-up table of unique vendor secret keys followed by relevant vendor secret key decryption, for eventual manufacturing into a cryptographic media player, which is the process done by the media ticket smart card system authority's, party S's, dedicated public key generation authority, party G, using prior art algorithms for both public key and secret key cryptography to generate a unique set of vendor cryptographic keys, while having absolutely no access to any vendor identifications, furthermore, the sub-process of embedding in entirety said unique set of vendor cryptographic keys in an organizational table form means involving several processes with a first example organizational table form means being a unique vendor system key table which is indexed by a vendor identification number, furthermore, said organizational table form means is semi-conductor foundry factory embedded into each and every cryptographic digital signal processor (C-DSP) means, while specific vendor private keys and vendor secret keys, including a minimum count of one vendor key of the private key of vendor party X, are factory time embedded into each and every one of vendor party X's eventually distributed media ticket smart cards inside of its embedded cryptographic micro-processor (c-uP) for use in a pass-thru encryption means of several example pass-thru encryption means as explained in a separate process,

generating of a unique media ticket smart card cryptographic key
set or also known as a unique customer party cryptography key set,
which is the process done by the media ticket smart card system
authority's, party S's, dedicated public key generation authority,
party G, using provided, prior art algorithms for both public key and
secret key cryptography to generate unique customer cryptographic
keys, while having absolutely no access to customer identifications,
furthermore, the sub-process of embedding into a provided, single
said unique media ticket smart card with an embedded cryptographic
micro-processor (C-uP), a unique customer party Y's cryptographic key
into party Y's eventually distributed said media ticket smart card
with its said embedded cryptographic micro-processor (C-uP),

distributing of provided, said cryptographic digital signal
processor (C-DSP) means, furthermore, the distributing of said
cryptographic digital signal processor (C-DSP) means is based upon
the process done by the media ticket smart card system authority's,
party S's, dedicated public key distribution authority, party D,
distributing cryptographic digital signal processor (C-DSP) means to
individual media distribution vendors for manufacturing into vendor Z
cryptographic media players while having absolutely no access to
whole cryptographic keys and having unique vendor party Z access to
only his own unique vendor secret key Z and unique vendor private key
Z with its unique, matching public key,

distributing of the provided, factory cryptographically programmed,
said media ticket smart cards which is the process done by the media
ticket smart card system authority's, party S's, dedicated public key
distribution authority, party D, distributing media ticket smart
cards to media distribution vendors for selling to customers while
having absolutely no access to whole cryptographic keys,

escrowing of the split cryptographic keys which is the process done
by the central public key generation authority, party G, safe-
guarding the split cryptographic customer keys, and split
cryptographic vendor keys in an entirely secure and confidential
manner for achievement of legal means involving several processes,
with a first example legal means being simple customer identification
and lost cryptographic key recovery, a second example legal means
being court ordered only, disputed ownership cryptographic key
recovery, and a third example legal means being court ordered only
cryptographic key recovery use by law enforcement,

layering for a federated cryptography architecture which is the
process done by the media ticket smart card system authority, party
S, creating a federated architecture of cryptographic authority with
3 layers, a central layer composed of the media ticket smart card
system authority, a local layer composed of authorized media
distribution companies labeled as parties Vn, and a user layer
composed of customers,



preparing of a unique play code and a unique play count which is
the process done by the authorized digital media distribution
company, party Vn, preparing said unique play code (a session key or
one-time user secret key), and said unique play counts (a paid for
number of plays or count of free trial plays), and preparing of the
custom encrypted digital media for downloading, to each customer,

downloading to customer, party A, at a private dwelling, prior art,
insecure ('red bus'), personal computer (PC) which is the process
done by the authorized digital media distribution vendor, party Vn,
using hybrid key cryptographing steps of hybrid key cryptographic
digital media distribution from a central media distribution
authority hosted on a prior art, provided, world wide web (WWW)
server over the global Internet to multiple prior art, provided,
personal computer (PC) based web clients, one of whom is customer
party A, of encrypted play codes (one-time secret keys or session
keys) with header and encrypted play counts (paid for counts of plays
or decryptions, or else counts of free trial plays) with header for
deposit into said factory cryptographically programmed, prior art,
provided, media ticket smart cards attached to prior art, provided,
personal computer (PC) based media ticket smart card readers, and
one-way transfer of custom session key or one-time use only secret
key encrypted, pre-unique vendor secret key encrypted digital media
for deposit into physical digital media inserted into media drives
attached to prior art, provided, customer personal computers (PC's),
delivering by foot which is the process done by the customer, party
A, of physically transferring both physical custom encrypted digital
media and the customer, party A's, programmed media ticket smart
cards from the customer's, party A's, prior art, provided, personal
computer (PC) to any person's said cryptographic media player with
its embedded said cryptographic digital signal processor (C-DSP)
means, also with a built-in media ticket smart card reader,

encrypting in a pass-thru manner for media ticket smart card upload
to a prior art, provided, cryptographic media player means with its
embedded, provided said cryptographic digital signal processor (C-
DSP) means using pass-thru encrypting means involving several
processes and components for transferring any type of digital data
securely from originating said media ticket smart card up to
answering said cryptographic digital signal processor (C-DSP) means,
with a first example pass-thru encrypting means being said common
family key or shared secret key encryption which is known to be
vulnerable to a single point of attack, a second example pass-thru
encrypting means being originate vendor, unique, vendor private key
digital signaturing to 'signatured-text (not encrypted text thus
readable by any party)' followed by answering vendor, unique, vendor
public key digital public key encryption to 'cipher-text (encrypted
text)' using said pre-embedded, common look-up table of unique vendor
public key and matching private keys with organizational means
involving several processes and components such as first
organizational means being a row, column table indexed by a vendor
identification number, a third example pass-thru encrypting means
being originate vendor, unique, vendor secret key encryption to
'cipher-text (encrypted text which combines signaturing)' using said
pre-embedded common look-up table of unique vendor secret keys with
organizational means involving several processes and components with
first organizational means being a row, column table indexed by a
vendor identification number,

encrypting in a pass-thru return manner for said cryptographic
media player's prior art, provided, embedded said cryptographic
digital signal processor (C-DSP) means download to said media ticket
smart card using pass-thru encrypting return means involving several
processes and components for transferring any type of digital data
securely from said cryptographic digital signal processor (C-DSP)
means to said media ticket smart card with a first example pass-thru
encrypting return means being common family key or shared secret key
encryption which is known vulnerable to a single point of failure,
second example pass-thru encrypting return means being answer vendor
unique private key digital signaturing to 'signatured-text (non-
encrypted thus readable by any party)' followed by originate vendor
unique public key encryption to 'cipher-text (encrypted text)' using
said pre-embedded, common look-up table of unique vendor public key
and matching private keys with organizational means involving several
processes and components such as first organizational means being the
row, column table indexed by a vendor identification number, a third
example pass-thru encrypting return means being answer vendor unique
secret key encryption to 'cipher-text (encrypted text which combines
signaturing)' using said pre-embedded common look-up table of unique
vendor secret keys with organizational means involving several
processes and components with first organizational means being the
row, column table indexed by a vendor identification number,

initializing before playing which is the process done by the
customer, party A, of preparing any party's cryptographic media
player with its prior art, provided, embedded said cryptographic
digital signal processor (C-DSP) means by inserting his own unique
custom encrypted digital media, and also by inserting his own unique
media ticket smart card,

identifying of high security applications in need of a high degree
of authentication of the customer where high security needs are more
important than customer extra time and effort,

authenticating by customer triangle authentication which is the
process done by provided, said new art, cryptographic media player
with its provided, said new art, cryptographic digital signal
processor (C-DSP) means, which process step may be skipped for low
security only when customer time and effort is of the essence,

transferring of the cryptographic keys from the prior art,
provided, said media ticket smart card to provided said, new art,
cryptographic media player having its prior art, provided, embedded
said cryptographic digital signal processor (C-DSP) means by said
pass-thru encrypting means of the unique customer cryptographic keys
over wiretapable or open computer buses ('red buses') which is the
process done by the cryptographic media player to receive encrypted
play codes with header and encrypted play counts with header from the
media ticket smart card, which are pass-thru encrypted by the
several pass-thru encryption means involving several processes and
components for transfer over wiretapable computer buses ('red buses')
to the player's own cryptographic memory (TNV-EEPROM) for access by
its cryptographic digital signal processor (C-DSP) means, with said
first example pass-thru encryption means being the common family key
encryption vulnerable to a single point of attack, a said second
example pass-thru encryption means being the pre-embedded, common,
look-up table of vendor private keys and matched public keys which
uses a family key encrypted, common table index for efficient active
table entry access, a said third means of pass-thru encryption being
the unique vendor secret key encryption with use of a common, look-up
table of vendor secret keys which uses a family key encrypted, common
table index or vendor ID number for efficient active table entry
access,

transferring of the cryptographic keys away from provided said, new
art, cryptographic media player having its embedded said
cryptographic digital signal processor (C-DSP) means to said media
ticket smart card by pass-thru encrypting return means of the unique
customer cryptographic keys over wiretapable or open computer buses
('red buses') which is the process done by the cryptographic media
player which are pass-thru encrypted by the several pass-thru
encryption means for transmit using its cryptographic digital signal
processor (C-DSP) means, the encrypted play codes with header and
encrypted play counts with header both with cryptographic digital
signal processor (C-DSP) means incremented sequence counts (to avoid
recorded replay attacks without the use of synchronized digital
clocks) to the media ticket smart card A transferred over wiretapable
computer buses, with said first example pass-thru encryption means
being the common family key encryption vulnerable to a single point
of attack, a said second example pass-thru encryption means being the
pre-embedded, common, look-up table of vendor private keys and
matched public keys which uses a family key encrypted, common table
index for efficient active table entry access, a said third means of
pass-thru encryption being the unique vendor secret key encryption
with use of a common, look-up table of vendor secret keys which uses
a family key encrypted, common table index or vendor ID number for
efficient active table entry access,
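The third example pass-thru encryption means described in the two transfer steps above (a family key encrypted vendor index selecting an entry in the pre-embedded common look-up table of vendor secret keys, the data block encrypted under that vendor secret key, and a C-DSP incremented sequence count against recorded replay), as an added example in Python that is not code from the application: HMAC-SHA256 in counter mode with an encrypt-then-MAC tag stands in for the prior art secret key algorithm the application leaves unspecified, and the family key, the vendor key table and the frame layout are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct


class ReplayError(ValueError):
    """A received sequence count was not greater than the last accepted one."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain separated sub-keys so one key serves both the cipher and the MAC.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (assumption:
    # the application names no particular secret key algorithm).
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under one secret key: nonce || ciphertext || 16-byte tag."""
    nonce = os.urandom(12)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; any tampering on the bus raises ValueError."""
    if len(blob) < 28:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:12], blob[12:-16], blob[-16:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication tag mismatch")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


# Constructed keys standing in for the system family key fak-F and the
# pre-embedded, common look-up table sek-V1 .. sek-Vn indexed by vendor ID;
# every C-DSP and every smart card C-uP holds identical copies.
FAMILY_KEY = hashlib.sha256(b"constructed fak-F").digest()
VENDOR_SECRET_KEYS = {
    vid: hashlib.sha256(b"constructed sek-V%d" % vid).digest() for vid in (1, 2, 3)
}


class BusEndpoint:
    """A smart card C-uP or a player C-DSP, with its own sequence counters."""

    def __init__(self, vendor_id: int):
        self.vendor_id = vendor_id   # the vendor whose secret key this end embeds
        self.send_seq = 0            # incremented on every transmit
        self.last_recv_seq = -1      # highest sequence count accepted so far

    def pass_thru_send(self, payload: bytes) -> bytes:
        """Family key seal the active vendor index, then vendor secret key seal
        (sequence count || payload); both blocks cross the red bus."""
        self.send_seq += 1
        index_blob = seal(FAMILY_KEY, struct.pack(">H", self.vendor_id))
        data_blob = seal(VENDOR_SECRET_KEYS[self.vendor_id],
                         struct.pack(">Q", self.send_seq) + payload)
        return struct.pack(">H", len(index_blob)) + index_blob + data_blob

    def pass_thru_receive(self, frame: bytes) -> bytes:
        """Family key decrypt the index, look up that vendor's secret key,
        unseal the data block and enforce a strictly increasing sequence."""
        (n,) = struct.unpack(">H", frame[:2])
        index_blob, data_blob = frame[2:2 + n], frame[2 + n:]
        (vendor_id,) = struct.unpack(">H", unseal(FAMILY_KEY, index_blob))
        if vendor_id not in VENDOR_SECRET_KEYS:
            raise ValueError("vendor index %d not in look-up table" % vendor_id)
        plain = unseal(VENDOR_SECRET_KEYS[vendor_id], data_blob)
        (seq,) = struct.unpack(">Q", plain[:8])
        if seq <= self.last_recv_seq:
            raise ReplayError("sequence count %d already seen" % seq)
        self.last_recv_seq = seq
        return plain[8:]


def _attempt(endpoint: BusEndpoint, frame: bytes) -> str:
    try:
        endpoint.pass_thru_receive(frame)
        return "accepted"
    except ValueError:          # ReplayError is a ValueError as well
        return "rejected"


def demo() -> dict:
    # A vendor-2 card uploads to a vendor-3 player (any vendor's player can
    # serve any card because both hold the whole look-up table).
    card, player = BusEndpoint(2), BusEndpoint(3)
    frame = card.pass_thru_send(b"play code ssk-1 | play count 3")
    payload = player.pass_thru_receive(frame)
    flipped = bytearray(frame)
    flipped[-1] ^= 0x01                                  # one bit changed in transit
    return {"payload": payload,
            "replay": _attempt(player, frame),           # recorded frame replayed
            "tamper": _attempt(player, bytes(flipped))}
```

Because the sequence count travels inside the vendor secret key sealed block, a wiretapper on the bus can neither read it nor adjust it to make a recorded frame look fresh.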

authenticating using media triangle authentication which is the
process of matching the unique digital media with its matching unique
play code by the method done by said cryptographic media player's
embedded said cryptographic digital signal processor doing digital
media triangle authentication using sample reads of test data with
successful decryption,

cryptographing using hybrid key cryptography which is the process
done by provided said, new art, cryptographic media player's embedded
said cryptographic digital signal processor (C-DSP) means using
hybrid key cryptography which is the process of using hybrid key
cryptography which uses public key cryptography to authenticate
remote parties, do digital signatures to authenticate digital media
and establish media integrity with a remote party, and encrypt one-
time secret keys known as session keys (ssk-n), used for only one
session, which said session keys are sent to the party who
decrypts them for storage in his own tamper resistant, non-volatile
memory (TNV-EEPROM) embedded on his black, cryptographic digital
signal processing (C-DSP) means with a first example means of the
prior art cryptographic digital signal processor (C-DSP), and a
second example means of a cryptographic central processing unit (C-
CPU), which said session keys may be later stored in tamper resistant
non-volatile memory (TNV-EEPROM) embedded in a media ticket smart
card where they are referred to as play codes with paid for and
authorized play counts,

accounting by provided said cryptographic media player's embedded,
said cryptographic digital signal processor (C-DSP) means which is
the process done using hybrid key cryptography digital media playing
of one-way transfer of custom session key encrypted digital media
owned by party n in a controlled access manner mostly for financial
accounting purposes which uses the play codes (session key or one-
time secret key) and play counts (paid for number of plays or count
of free trial plays) contained in media ticket smart cards,

playing by provided, said cryptographic media player having its
embedded, provided, said cryptographic digital signal processor (C-
DSP) means which is the process done using hybrid key cryptography
which is the process of using hybrid key cryptography to do digital
media playing in a controlled access manner using play codes (session
key or one-time secret keys) and play counts (now contained within
registers in the cryptographic digital signal processor (C-DSP) means)
and also the hardware secret key double decryption directly used upon
the custom encrypted, one-way transfer of custom session key
encrypted digital media which is pre-unique vendor secret key
encrypted, using first the unique customer session key decryption and
then the unique vendor secret key decryption with sequence number
checks for countering recorded replay attacks,

escrowing retrieval of lost, stolen, or disputed ownership media
ticket smart cards which is the process done by the customer, party
n, which collection of processes of or methods of invention sets
systems standards and integrates components into a system which can
be used in the future for new forms of internationally standardized
cryptography sanctioned by industry trade groups such as the
Recording Industry Association of America's (RIAA's) Secure Digital
Music Initiative (SDMI), the National Association of Broadcasters'
(NAB's) Secure Digital Broadcast Group (SDBG), and also national
standards agencies such as the American National Standards Institute
(ANSI), National Institute for Standards and Technology (NIST), or
international telegraphy union (ITU),

whereby the present invention creates several processes for doing
unique, customer custom session key or one-time secret key encrypted
copies of initially unique, vendor secret key encrypted, digital media
distribution over the prior art, insecure ('red bus') Internet using
secure, World Wide Web (WWW) ('black') servers involving the
cryptographically secure transfer ('download') from Web server to
customer prior art, personal computers (PC's) over insecure ('red bus')
Internet connection lines, of custom encrypted, digital media to prior
art, standard form recordable media, and also custom decryption
cryptographic keys ('play codes') and custom pre-programmed accounting
counts ('play counts') for deposit into prior art smart cards called
media ticket smart cards,

whereby the present invention creates several processes for securely
physically transferring ('footprint download') of both said custom,
encrypted digital media on standard form recordable media along with
the customer's universal media ticket smart card for all vendors and
all digital media to said cryptographic media players having embedded
pre-programmed prior art, said cryptographic digital signal processors
(C-DSP's) for media playing which are universally and uniquely, pre-
programmed for every authorized vendor participating in the system, and
can also accept any authorized, unique customer's smart card which must
have relevant play codes and play counts for upload and use which are
both uniquely matched to the authorized custom encrypted digital media
inserted for playing,

whereby the present invention allows using several of the above 
systems processes in safeguarding multi-million dollar digital masters 
released by vendors through World Wide Web (WWW) distribution. 
PROCESS STEP 30. The invention and processes of claim 29 whereby
the process or methods steps of generating of a set of common system
keys which is the process done by the media ticket smart card system
authority's, party S's, dedicated public key generation authority,
party G, using prior art algorithms for both public key and secret
key cryptography to generate system cryptographic keys, while having
absolutely no access to any vendor identifications, furthermore, the
sub-process of embedding said common system keys into each and every
cryptographic digital signal processor (C-DSP) means, furthermore,
embedding said common system keys into each and every smart card,
which is accomplished by the sub-steps of:

generating from completely random noise a system family key
(fak-F) used as a first example means for pass-thru encryption,

generating of an initialization vector (iv) for use in a system
message authentication cipher (mac).
PROCESS STEP 31. The invention and processes of claim 29 whereby
the process of generating of a set of unique per vendor, commonly
distributed only in tamper resistant hardware (TNV-EEPROM), media
distribution vendor cryptographic keys eventually used in a prior
art, provided, said cryptographic digital signal processor (C-DSP)
means involving several processes with a first example cryptographic
digital signal processor (C-DSP) means being a prior art, provided
cryptographic digital signal processor (C-DSP) means being the prior
art, popular Texas Instrument's TMS-320 DSP along with additional
silicon compiler designed functions for the US National Institute for
Standards and Technology's Clipper-Capstone chip with embedded tamper
resistant non-volatile electrically erasable programmable read-only
memory (TNV-EEPROM), and a second example said new art cryptographic
digital signal processor (C-DSP) means being a prior art, digital
signal processor (DSP) such as the Texas Instruments TMS-320 having
additional silicon compiler designed functions for prior art
algorithm means for subsequent customer uses of digital signal
compression, audio-video digital compression means, involving several
processes and components with first example audio-video digital
compression means involving several processes being given as prior
art, Moving Picture Electronics Group standards X (MPEG X), second
example audio-video digital compression means being given as prior
art, fast wavelet audio-video compression or convolutional coding
compression, third example audio only digital compression means being
given as prior art, MPEG 1 audio layer 3 (MP3), and fourth example
audio only digital compression means being given as prior art, fast
wavelet audio only compression (AAC(R)), furthermore, with
subsequent customer uses of a prior art, pass-thru encryption means
involving several processes and components which are used to transfer
said unique customer cryptographic keys over wiretapable or open
computer buses ('red buses'), with a first example pass-thru
encryption means given as common, family key, secret key encryption,
a second example pass-thru encryption means given as common family
key encryption of an index to the unique active vendor which
references a pre-embedded, common look-up table of unique vendor
public keys followed by the relevant vendor public key encrypted data
which is received on the other end of the computer bus by family key
decryption of the vendor index to the same pre-embedded, common look-
up table of unique vendor public keys followed by relevant vendor
private key decryption of the received data block, and a third
example pass-thru encryption means being a family key encryption of
an index to the unique active vendor which references a pre-embedded,
common look-up table of unique vendor secret keys followed by the
relevant vendor secret key encrypted data which is received on the
other end of the computer bus by family key decryption of the vendor
index to the same pre-embedded, common look-up table of unique vendor
secret keys followed by relevant vendor secret key decryption, for
eventual manufacturing into a cryptographic media player, which is
the process done by the media ticket smart card system authority's,
party S's, dedicated public key generation authority, party G, using
prior art algorithms for both public key and secret key cryptography
to generate a unique set of vendor cryptographic keys, while having
absolutely no access to any vendor identifications, furthermore, the
sub-process of embedding in entirety, said unique set of vendor
cryptographic keys in an organizational table form means involving
several processes with first example organizational table form means
being a unique vendor system key table which is indexed by a vendor
identification number, furthermore, said organizational table form
means is semi-conductor foundry factory embedded into each and every
cryptographic digital signal processor (C-DSP), while specific vendor
private keys and vendor secret keys including a minimum count of one
vendor key of the private key of vendor party X, are factory time
embedded into each and every one of vendor party X's eventually
distributed media ticket smart cards inside of its embedded
cryptographic micro-processor (C-uP) for use in a pass-thru
encryption means, of several example pass-thru encryption means as
explained in a separate process, which is accomplished through the
sub-steps of:

generating of vendor secret keys (sek-Vn), unique to each media
distribution vendor, party Vn, for later use in embedding a
complete set of media distributor secret keys (sek-V1 to sek-Vn)
(y. 2002 considered secure secret key, secure key bit lengths are
from 56-bits excluding parity bits in triple key modes equivalent
to 168-bits up to non-triple key mode use of a secret key length of
256-bits without parity bits with a constant need for key strength
increases to counter scalable computer technology improvements),
into every cryptographic media player along with a system family
key (fak-F), and also for eventual indirectly passing out to each
media distribution vendor, party Vn, only his own secret key (sek-
Vn),

generating of unique vendor private key (prk-Vn) and public key
(puk-Vn) pairs, for each media distribution vendor, party Vn, for
embedding a system family key (fak-F) (y. 2002 considered secure
system key bit lengths are 512-bits for secret key encryption and
2048-bits for public key encryption with adjustments for each type
of application with a minimum ten year field use before upgrade
assumption requiring a linear yearly increase in minimum key
lengths giving exponential key strength improvements by a power of
two), a complete set of vendor public keys (puk-V1 to puk-Vn) (y.
2002 considered secure public key, secure key bit lengths are from
1024-bits up to 2048-bits with a constant need for linear key
length increases to counter constant exponential improvements in
computer technology), and a complete set of vendor private keys
(prk-V1 to prk-Vn) (y. 2003 considered secure at the same bit
lengths as the public keys for most public key algorithms), in a
pre-embedded, common, vendor look-up table form using an efficient
vendor table look-up index to the vendor which is family key
encrypted for transit, into each and every cryptographic digital
signal processor (C-DSP) means for eventual manufacture into every
authorized cryptographic media player,

escrowing of all vendor split cryptographic keys generated with
a minimum of two central public key escrow authorities, parties En,
and other escrow actions.
PROCESS STEP 32. The invention and processes of claim 29 whereby
the process or methods steps of generating of a unique media ticket
smart card cryptographic key set or also known as a unique customer
party cryptography key set, which is the process done by the media
ticket smart card system authority's, party S's, dedicated public key
generation authority, party G, using prior art algorithms for both
public key and secret key cryptography to generate unique customer
cryptographic keys, while having absolutely no access to customer
identifications, furthermore, the sub-process of embedding into a
single provided, said unique media ticket smart card a unique
customer party Y's cryptographic key into its provided, said
cryptographic micro-processor (C-uP), which is accomplished through
the sub-steps of:

generating of public key pairs for different customers,
parties A - Z (excepting reserved notation use of already
assigned letters D, E, F, P, S) comprising of private keys (prk-
n) and corresponding public keys (puk-n), while having
absolutely no access to customer identifications and using prior
art public key cryptography,

generating of an incremented, top secret customer index number
[CIN] also a related public citizen identification number
composed of the message authentication cipher (mac), which is a
secret initialization vector (IV) based message digest cipher
(MDC), of customer index number ([MAC[CIN]]) which is publicly
printed upon the exterior of each media ticket smart card,

generating of a customer public key database which indexes
message authentication cipher (mac) of customer index number
([MAC[CIN]]) to the blank private key field, to the corresponding
public key for passing to the central public key distribution
authority, party D,

embedding into media ticket smart card a, a means for pass-
thru encryption with first example pass-thru encryption means
being a single, common, system family key (fak-F) (known as
being vulnerable to a single point hacker attack to breach the
entire system), and second example pass-thru encryption means
being a complete pre-embedded, common, vendor public and private
key table which is accessed with a vendor index, furthermore,
the private key (prk-a) for customer party A indexed by message
authentication cipher (mac) of customer index number ([MAC[CIN]])
also known as the public customer identification number, also

embedding into media ticket smart card b a system family key
(fak-F), the private key (prk-b) for customer party b indexed by
message authentication cipher (mac) code of customer index
number ([MAC[CIN]]), etc.,

generating of an initial media ticket smart card access code
means involving several processes and components such as a first
access code means of a unique password, a second access code
means of a unique passphrase-passcode, a third access code means
of a unique bio-identification, with storage into a common
database organizational means involving several processes and
components with first example common database organizational
means being a data structure indexed by message authentication
code (mac) of customer index number ([MAC[CIN]]) for release to
the central public key escrow, access code authority, party EA,
who will later on release it to the registered customer for
initial media ticket smart card use,

handing the media ticket smart cards to the public key
distribution authority, party D, and furthermore,

escrowing of all customer split cryptographic keys generated
with a minimum of two central public key escrow authorities,
parties En, and other escrow actions.
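The sub-steps of process step 32 above (a public card identifier MAC[CIN] derived from the top secret customer index number with a secret initialization vector, and escrow of split customer keys with a minimum of two central escrow authorities, parties En), as an added example in Python that is not code from the application: HMAC-SHA256 stands in for the unspecified message authentication cipher, XOR secret splitting is an assumed splitting method, and the party names E1 and E2 and the legal means strings are constructed.

```python
import hashlib
import hmac
import os
from functools import reduce


def mac_cin(iv: bytes, cin: int) -> str:
    """Public customer identification number MAC[CIN]: here HMAC-SHA256 keyed
    with the secret initialization vector (assumption: the application names
    no particular message authentication cipher)."""
    return hmac.new(iv, cin.to_bytes(8, "big"), hashlib.sha256).hexdigest()


def split_key(key: bytes, n_shares: int = 2) -> list:
    """XOR secret splitting: all n shares are needed to rebuild the key and
    any n-1 of them are statistically independent of it."""
    if n_shares < 2:
        raise ValueError("escrow requires a minimum of two authorities")
    shares = [os.urandom(len(key)) for _ in range(n_shares - 1)]
    last = bytes(reduce(lambda a, b: a ^ b, parts) for parts in zip(key, *shares))
    return shares + [last]


def recover_key(shares: list) -> bytes:
    """Rebuild the key from every escrowed share."""
    return bytes(reduce(lambda a, b: a ^ b, parts) for parts in zip(*shares))


class EscrowAuthority:
    """One central escrow authority, party En: holds shares indexed by MAC[CIN]
    and releases a share only against one of the claim's stated legal means."""
    LEGAL_MEANS = {"customer identification", "court order"}

    def __init__(self, name: str):
        self.name = name
        self.vault = {}

    def deposit(self, public_id: str, share: bytes) -> None:
        self.vault[public_id] = share

    def release(self, public_id: str, legal_means: str) -> bytes:
        if legal_means not in self.LEGAL_MEANS:
            raise PermissionError("%s: no legal means for release" % self.name)
        return self.vault[public_id]


def escrow_customer_key(iv: bytes, cin: int, prk: bytes, authorities: list) -> str:
    """Party G: split prk-n and deposit one share with each authority under MAC[CIN];
    no single authority ever holds a whole key."""
    public_id = mac_cin(iv, cin)
    for authority, share in zip(authorities, split_key(prk, len(authorities))):
        authority.deposit(public_id, share)
    return public_id


def demo() -> dict:
    iv = hashlib.sha256(b"constructed secret system iv").digest()   # constructed
    prk = hashlib.sha256(b"constructed prk-a").digest()              # constructed
    e1, e2 = EscrowAuthority("E1"), EscrowAuthority("E2")
    public_id = escrow_customer_key(iv, cin=1, prk=prk, authorities=[e1, e2])
    # Lost key recovery: both authorities release against customer identification.
    shares = [a.release(public_id, "customer identification") for a in (e1, e2)]
    try:
        e2.release(public_id, "vendor request")       # not a legal means
        unauthorized = "released"
    except PermissionError:
        unauthorized = "refused"
    return {"recovered": recover_key(shares) == prk,
            "single_share_is_key": e1.vault[public_id] == prk,
            "unauthorized": unauthorized,
            "public_id": public_id}
```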
PROCESS STEP 33. The invention and processes of claim 29 whereby the
process or method or steps to do distributing of said cryptographic
digital signal processors (C-DSP's) based upon a starting point,
provided said, hardware cryptographic digital signal processor (C-DSP)
means, furthermore, the distributing of cryptographic digital signal
processors (C-DSP's) is based upon the process done by the media ticket
smart card system authority's, party S's, dedicated public key
distribution authority, party D, distributing cryptographic digital
signal processors (C-DSP's) to media distribution vendors for
manufacturing into cryptographic media players while having absolutely
no access to whole cryptographic keys, which consists of the sub-steps
of:

distributing of the cryptographic digital signal processors (C-DSP's) in a physically secure transport and audit trailed chain of control by the central public key distribution authority, party D, only to authorized media distribution vendors, parties Vn,

manufacturing by the authorized media distribution vendors, parties Vn, of cryptographic digital signal processor (C-DSP) means into different models of cryptographic media players with various specialized functions and applications,

retailing by the authorized media distribution vendors of cryptographic media players each having a vendor unique, embedded cryptographic digital signal processor (C-DSP) means with various specialized functions and applications to consumers.
PROCESS STEP 34. The invention and processes of claim 29 whereby the process of or method of steps to do distributing of the media ticket smart cards which is the process done by the media ticket smart card system authority's, party S's, dedicated public key distribution authority, party D, distributing unique to each customer, cryptographically programmed, provided, media ticket smart cards to media distribution vendors for selling to customers while having absolutely no access to whole cryptographic keys, which consists of the sub-steps of:

assigning of media ticket smart cards eventually to media ticket smart card users which is the sub-step done by the central public key distribution authority, party D, assigning media ticket smart cards received from the public key generating authority from the methods of process step 32, to authorized media distribution vendors and eventually to media ticket smart card customers who will register names, addresses, etc. which can be mapped into a database by the publicly known message authentication cipher (mac) of customer index number ([MAC[CIN]]) on the exterior of the media ticket smart card,

imprinting of media ticket smart cards which is the sub-step done by the central public key distribution authority, party D, imprinting the media ticket smart cards with customer identification which fields are accessed by using the media ticket smart card customer identification field family key obtained from the public key generating authority,

giving of media ticket smart cards to customers which is the sub-step done by the central public key distribution authority, party D, giving the media ticket smart cards to authorized media distribution vendors, parties Vn, for selling the media ticket smart cards to media ticket smart card customers through an appropriate secure, physical channel such as retail store, express mail, and registered mail, which media ticket smart cards are useless without registration with the central public key distribution authority, party D, and receiving of a temporary media ticket smart card access code unless a wildcard access code was programmed by the public key generating authority,

possessing of media ticket smart cards which is the sub-step done by the customer, party A, receiving a media ticket smart card with exterior message authentication code (mac) of customer index number ([MAC[CIN]]) and registering the media ticket smart card at the retail store or by mailing back in a registration card with customer party A's name, address, phone number, e-mail address, etc. and public customer identification number which will allow the central public key distribution authority, party D, to use its customer database to map such identifications to the customer's public key,

publishing of the public keys which is the sub-step done by the central public key distribution authority, party D, openly publishing using internet protocol (IP) over the internet from a web server all public keys and appropriate user identities such as name and message authentication cipher (mac) of customer index number ([MAC[CIN]]) with a publishing example means using several process steps being the widely used, industry standards committee established, Consultative Committee for International Telephone and Telegraph's (CCITT's) (now called the International Telegraphy Union's (ITU's)) X.509 digital certificate format,

handling of media ticket smart card temporary user access codes which is the sub-step done by the central public key distribution authority, party D, handing only customer name, mailing address, and phone number indexed by a unique customer identification means involving several processes with a first unique customer identification means being a message authentication cipher (MAC) of the secret customer index number (CIN) to said public key escrow, access code authority (puk-EA) which said public key escrow, access code authority party (puk-EA), already has from process 32, the media ticket smart card temporary access codes also indexed by the same message authentication cipher (MAC) of the secret customer index number (CIN), furthermore, the public key escrow, access code authority party (puk-EA) has no media ticket smart cards or media ticket smart card reader family key from the claims of process 30,

distributing of media ticket smart card temporary user access codes which is the sub-step done by said public key escrow, access code authority, party EA, matching customer names, mailing address, and phone number to temporary media ticket smart card access codes in order to mail out media ticket smart card temporary access codes to media ticket smart card users, after which the public key access code authority promptly destroys all information it has used except for confirmation of the mailing,

PROCESS STEP 35. The invention and processes of claim 29 whereby the process of or method of steps to do escrowing of the split cryptographic keys which is the process done by the central public key generation authority, party G, safe-guarding the split cryptographic customer keys and split cryptographic vendor keys in an entirely secure and confidential manner with legal first means for simple customer identification and lost key recovery, second means for disputed ownership court ordered recovery, and third means for court ordered only use by law enforcement, which is accomplished through the sub-steps of:

skipping of this complete process step where legal attributes of the cryptographic system are not necessary,

receiving of the split cryptographic customer key database of customer private keys, prk-n (a minimum of a front half and a back half key) and also the split cryptographic vendor key database of vendor private keys, prk-Vn, and vendor secret keys, sek-Vn (a minimum of a front half and a back half key) which is the sub-step done by the central public key escrow authorities, parties En, receiving split key databases from the central public key generation authority, party G,

anti-collaborating prevention means which is keeping separate the key split customer and vendor cryptographic keys between a minimum of two (for a front half of key and a back half of key) independent key escrow authorities, parties En, who have absolutely no access to customer identifications,

receiving of media ticket smart card initial media ticket smart card access codes which is the sub-step done by the independent public key access code authority, party EA, receiving from the public key generation authority, party G, a database of initial media ticket smart card access codes indexed by message authentication cipher (mac) of customer index number ([MAC[CIN]]) and also receiving from the central public key distribution authority, party D, customer names, mailing addresses, and e-mail accounts also indexed by message authentication cipher (mac) of customer index number ([MAC[CIN]]),

distributing of media ticket smart card initial access code means involving several processes and components with first example access code means being a unique password, and second example access code means being a unique pass phrase or pass code, and third example access code means being unique bio-identification which must be 'warm-blooded', authorized human agent programmed into the smart card after 'warm-blooded' human customer authentication, and fourth and the highest security access code means being a particular type of two-phase authentication means which involves both bio-identification authentication (which must be 'warm-blooded' authorized human agent programmed into said media ticket smart card for bio-identification access code means retrieval along with initial default and subsequent unique customer passphrase-passcode programmed into said media ticket smart card for passphrase-passcode access code means done in addition) which is the sub-step done by the public key access code authority, party EA, secure means transmitting through first example means of certified mailing or secure e-mailing to customers, of the initial access codes, after which receiving back confirmation it promptly destroys all knowledge of customer identifications.
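The split-key escrow of process step 35, as an added illustration that is not part of this application's text or of any implementation it describes: the key generation authority, party G, deposits a front half and a back half of each customer private key with two independent escrow authorities, parties En, under the public index [MAC[CIN]], while the access code authority, party EA, holds identities but no key material. The MAC primitive (HMAC-SHA256 under a key assumed to be held by party G), the authority classes and the sample values are assumptions of this example. It also shows, beyond what the step states, an XOR two-share split: with literal halves each escrow authority holds half of the key bits, whereas an XOR share alone reveals none.

```python
import hashlib
import hmac
import secrets

# Added example, not the application's own code. Assumption: the message
# authentication cipher over the secret customer index number (CIN) is
# HMAC-SHA256 under a key held by the key generation authority, party G;
# the page names the MAC but not the primitive. The key value is constructed.
MAC_KEY_G = b"constructed MAC key of party G"


def mac_cin(cin):
    """Public index [MAC[CIN]]: usable as a database key, not invertible to the CIN."""
    return hmac.new(MAC_KEY_G, cin, hashlib.sha256).hexdigest()


def split_halves(key):
    """Front-half / back-half split, as process step 35 describes."""
    mid = len(key) // 2
    return key[:mid], key[mid:]


def split_xor(key):
    """Two-share XOR split (an alternative not on the page): each share alone is
    uniformly random, so an escrow authority learns no key bits from it."""
    share1 = secrets.token_bytes(len(key))
    share2 = bytes(a ^ b for a, b in zip(key, share1))
    return share1, share2


def join_halves(front, back):
    return front + back


def join_xor(share1, share2):
    return bytes(a ^ b for a, b in zip(share1, share2))


class EscrowAuthority:
    """Party En: stores one share per customer under [MAC[CIN]] only; never sees names."""

    def __init__(self):
        self.shares = {}

    def deposit(self, index, share):
        self.shares[index] = share

    def release(self, index):
        return self.shares[index]


class AccessCodeAuthority:
    """Party EA: name, address and initial access code under [MAC[CIN]]; no key material."""

    def __init__(self):
        self.records = {}

    def deposit(self, index, name, access_code):
        self.records[index] = {"name": name, "access_code": access_code}

    def destroy_identity(self, index):
        """After the confirmed mailing, EA keeps only the confirmation."""
        self.records[index] = {"mailed": True}


def escrow_customer(cin, prk, e1, e2, mode="halves"):
    """Party G deposits the two shares of prk with two independent authorities."""
    index = mac_cin(cin)
    a, b = split_halves(prk) if mode == "halves" else split_xor(prk)
    e1.deposit(index, a)
    e2.deposit(index, b)
    return index


def recover_key(index, e1, e2, mode="halves"):
    """Lost-key recovery needs both authorities; one share alone is not enough."""
    a, b = e1.release(index), e2.release(index)
    return join_halves(a, b) if mode == "halves" else join_xor(a, b)


def share_leaks_key_bytes(share, key):
    """True when a single share is literally a piece of the key (the halves scheme)."""
    return share in key
```

The index stored by every authority is the MAC of the CIN, never the CIN itself, so the escrow authorities hold key shares they cannot tie to a person, and the access code authority holds persons it cannot tie to key material; the anti-collaboration property of the step is that only a party presenting the index to both escrow authorities can rebuild a key.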
PROCESS STEP 36. The invention and processes of claim 29, whereby the process of or method of steps to do layering for a federated cryptography architecture which is the process done by the media ticket smart card system authority, party S, creating a federated architecture of cryptographic authority with three layers, a central layer composed of the media ticket smart card system authority, a local layer composed of authorized media distribution company parties Vn, and a user layer composed of customers, through the sub-steps of:

layering into 3-layers of a federated architecture of cryptographic authority:

a central layer composed of a media ticket smart card system authority,

a local layer composed of authorized media distribution companies Vn, and

a user layer composed of customers.
PROCESS STEP 37. The invention and processes of claim 29, whereby the process of or method of steps to do preparing of a unique play code and a unique play count which is the process done by the authorized digital media distribution company, party Vn, preparing said unique play code (a session key or one-time use secret key), and said unique play counts (a paid for number of plays or count of free trial plays), and preparing of the custom encrypted digital media for using provided algorithms for Web custom encrypted media downloading to each customer, through the sub-steps of:

preparing of the media header for each download media session which is:

unique vendor and customer encrypted play code with media header (and sequence numbers):

{
    public vendor identification number [MAC[VIN]] = message authentication cipher (mac) of top secret vendor index number (vin),
    session identification number,
    customer A public key encrypted (
        vendor secret key encrypted (
            vendor digitally signed (
                play code (session key or one-time secret key),
                vendor sequence number,
                message authentication cipher (mac) of customer identification number
            )
        ),
        customer (pass-thru encryption use) sequence number
    )
} = temp-9a,

unique vendor and customer encrypted play count with media header (and sequence numbers):

{
    public vendor identification number [MAC[VIN]] = message authentication cipher (mac) of top secret vendor index number (vin),
    session identification number,
    customer A public key encrypted (
        vendor secret key encrypted (
            vendor digitally signed (
                play count (paid for numbers of plays, -1 for infinite plays, count of free trial plays),
                vendor sequence number,
                message authentication cipher (mac) of customer identification number
            )
        ),
        customer (pass-thru encryption use) sequence number
    )
} = temp-9b,

encrypting of the play codes (session keys or one-time secret keys) which are truly random numbers in a desired range with header is a process of first, the vendor digitally signs (prk-Vn) the decrypted play code, and then attaches the header and sequence number and secondly, the vendor three-way encrypts the result with the sequence of first encryption with the secret key of the vendor, sek-Vn, second encryption with the public key of receiving customer, party A, puk-a, third encryption with the system family key, fak-F, for pass-thru encryption means with first example pass-thru encryption means being common family key encryption (a known single point of vulnerability if breached):

Vn-fak-F(temp-9a)

= pass-thru encrypted play code with header (and sequence numbers),

which first pass-thru encryption means requires for pass-thru decryption on the receiving end the common family key symmetric cryptography based decryption in an exactly similar manner,

second pass-thru encryption example means being using the public key of the transmitting end vendor, puk-Vn, with a pre-embedded, common, vendor private and public key table efficiently accessed by the receiving end vendor, party Vn', with use of a table index which is family key encrypted to avoid tampering:

{Vn-fak-F(index to the vendor key table), Vn-puk-Vn(temp-9a)}

= pass-thru encrypted play code with header (and sequence numbers),

which second means of pass-thru decryption requires for pass-thru decryption both the common family key, Vn'-fak-F, and the unique vendor private key, Vn'-prk-Vn,

third pass-thru encryption example means being the transmitting vendor, party Vn, using the transmitting vendor's unique secret key, sek-Vn, and a family key encrypted table index to a pre-embedded, common table of unique, secret vendor keys in:

{Vn-fak-F(index to the vendor secret key table), Vn-sek-Vn(temp-9a)}

= pass-thru encrypted play code with header (and sequence numbers),

which third pass-thru encryption means requires for pass-thru decryption both the common family key, Vn'-fak-F, and the unique vendor secret key, Vn'-sek-Vn,

furthermore:

in the given, in this system, usual absence of an authorized and trusted system wide, synchronized system of clocks used with a time-stamping technique, the alternate method of sequence number use is needed to prevent 'recorded replay hacker attacks' or digital recordings of encrypted messages and complete digital re-plays in entirety without decryption, on wiretapable buses of pass-thru encrypted signals inside of the cryptographic media player, furthermore, the sequence number can only be incremented by a party with the vendor secret key (sek-Vn), customer private key (prk-n), and system family key (fak-F) who are the party G for any vendor, the party Vn only for his own play codes and play counts, or the cryptographic media player, party P, for any vendor which player has a collection of all vendor secret keys (sek-V1 to Vn) and a collection of all vendor private keys (prk-V1 to Vn), furthermore, used in key ownership re-assignment operations by the cryptographic digital signal processor (C-DSP) means in the cryptographic media player, party P, furthermore, the customer (family key) sequence number is used in media ticket smart card loop-back operations, furthermore, the player can also check the vendor digital signature, and can obtain the customer party A's private key (prk-a) and public key (puk-a) from customer's inserted media ticket smart card a,

encrypting of play counts (counts of paid for numbers of plays, -1 for indefinite plays, or counts of free trial plays) which are encrypted by the sequence of using the first example pass-thru encryption means using the common family key (fak-F) which is known vulnerable to breaches:

Vn-fak-F(temp-9b)

= pass-thru encrypted play count with header (and sequence numbers),

with the second example pass-thru encryption means using the vendor public key being obvious from the above example in this same claim, and third example pass-thru encryption means using the vendor secret key also obvious from the above example in this same process step.
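The temp-9a construction and the sequence-number replay check of process step 37, as an added example that is not code from this application: a vendor signs the play code with its header, encrypts with sek-Vn and then puk-A, and pass-thru wraps the result either by the first example means (fak-F) or by the third example means (a fak-F encrypted table index plus sek-Vn); the player unwraps, verifies the signature and rejects any message whose vendor or customer sequence number is not strictly greater than the last one it accepted. All primitives are constructed stand-ins (HMAC-SHA256 tags for the vendor signature, an HMAC-derived keystream XOR for every encryption layer), so the toy gives no public/private key separation; the key values, the vendor table index and the JSON field layout are assumptions of the example.

```python
import hashlib
import hmac
import json
import os

# Added example, not the application's own code. The vendor signature
# (prk-Vn), vendor secret key (sek-Vn), customer public key (puk-A) and
# family key (fak-F) operations of process step 37 are modelled with
# constructed symmetric stand-ins: an HMAC-SHA256 tag for the signature and
# an HMAC-SHA256 keystream XOR for each encryption layer. Key values and the
# vendor table are constructed sample data.
SEK_VN = b"constructed vendor secret key sek-Vn"
PRK_VN = b"constructed vendor signing key prk-Vn"  # toy: verifier reuses it as puk-Vn
PUK_A = b"constructed customer key puk-A/prk-A"   # toy: player reads it from smart card a
FAK_F = b"constructed system family key fak-F"
MAC_VIN = "constructed-mac-of-vin"
VENDOR_INDEX = 7                                   # Vn's row in the pre-embedded table
VENDOR_SECRET_KEY_TABLE = {VENDOR_INDEX: SEK_VN}   # common table in player and card
NONCE_LEN = 16


def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key, plaintext):
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


def decrypt(key, blob):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest() + msg


def verify(key, signed):
    tag, msg = signed[:32], signed[32:]
    return msg if hmac.compare_digest(tag, hmac.new(key, msg, hashlib.sha256).digest()) else None


def build_temp_9a(play_code, vendor_seq, mac_cin, customer_seq, session_id):
    """Vendor Vn: sign play code + header, then encrypt with sek-Vn and puk-A."""
    inner = json.dumps({"play_code": play_code.hex(), "vendor_seq": vendor_seq,
                        "mac_cin": mac_cin}).encode()
    layer_sek = encrypt(SEK_VN, sign(PRK_VN, inner))
    layer_puk = encrypt(PUK_A, json.dumps({"sek": layer_sek.hex(),
                                           "customer_seq": customer_seq}).encode())
    return {"mac_vin": MAC_VIN, "session_id": session_id, "temp_9a": layer_puk}


def pass_thru_wrap(header, means="family"):
    """First means: Vn-fak-F(temp-9a). Third means: fak-F encrypted table index
    plus Vn-sek-Vn(temp-9a), so the receiver looks the vendor key up by index."""
    out = {"mac_vin": header["mac_vin"], "session_id": header["session_id"]}
    if means == "family":
        out["pass_thru"] = encrypt(FAK_F, header["temp_9a"]).hex()
    else:
        out["table_index"] = encrypt(FAK_F, VENDOR_INDEX.to_bytes(2, "big")).hex()
        out["pass_thru"] = encrypt(VENDOR_SECRET_KEY_TABLE[VENDOR_INDEX], header["temp_9a"]).hex()
    return out


class Player:
    """Party P: unwraps the pass-thru layer, peels the puk-A and sek-Vn layers, checks
    the vendor signature and rejects any sequence number that is not strictly fresh."""

    def __init__(self):
        self.last_customer_seq = 0
        self.last_vendor_seq = 0
        self.last_reject_reason = None

    def _unwrap_pass_thru(self, msg):
        blob = bytes.fromhex(msg["pass_thru"])
        if "table_index" in msg:
            index = int.from_bytes(decrypt(FAK_F, bytes.fromhex(msg["table_index"])), "big")
            return decrypt(VENDOR_SECRET_KEY_TABLE[index], blob)
        return decrypt(FAK_F, blob)

    def receive(self, msg):
        outer = json.loads(decrypt(PUK_A, self._unwrap_pass_thru(msg)))
        if outer["customer_seq"] <= self.last_customer_seq:
            self.last_reject_reason = "replay: customer sequence number not fresh"
            return None
        inner = verify(PRK_VN, decrypt(SEK_VN, bytes.fromhex(outer["sek"])))
        if inner is None:
            self.last_reject_reason = "vendor signature check failed"
            return None
        fields = json.loads(inner)
        if fields["vendor_seq"] <= self.last_vendor_seq:
            self.last_reject_reason = "replay: vendor sequence number not fresh"
            return None
        self.last_customer_seq, self.last_vendor_seq = outer["customer_seq"], fields["vendor_seq"]
        self.last_reject_reason = None
        return bytes.fromhex(fields["play_code"])
```

Both counters must be strictly increasing, which is the property the step relies on: a recorded message replayed byte for byte over the player's internal bus is rejected before its play code is released, and only a holder of sek-Vn and prk-Vn can produce a message carrying a fresh number. A real deployment would replace the stand-ins with an authenticated cipher and an actual signature scheme, and would persist the last accepted counters across power cycles, since a counter reset reopens the replay window.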
PROCESS STEP 38. The invention and processes of claim 29, whereby the process of or method of steps to do downloading to customer, party A, at a private dwelling, prior art, insecure ('red bus'), personal computer (PC) which is the process done by the authorized digital media distribution vendor, party Vn, using hybrid key cryptographing steps of hybrid key, cryptographic digital media distribution from a central media distribution authority hosted on a provided, world-wide web (Web) server over the provided, global Internet to prior art, provided, multiple personal computer (PC) based web clients of encrypted play codes (one-time secret keys or session keys) with header and encrypted play counts (paid for counts of plays or decryptions, or else counts of free trial plays) with header for deposit into media ticket smart cards attached to personal computer media ticket smart card readers, and one-way transfer of custom session key or one-time use only secret key encrypted digital media which is pre-unique vendor secret key encrypted, for deposit into physical digital media inserted into media drives attached to personal computers, through the sub-steps of:

encrypting for Web download from a trusted Web system server to the media ticket smart card in a personal computer (PC) using pass-thru encryption means involving several processes and components for transferring any type of pre-vendor unique secret key encrypted and sequence numbered digital data securely from any trusted Web server system source, over the wiretapable ('red bus') internet, down to any trusted media ticket smart card inserted into a prior art personal computer (PC), with a first example pass-thru encrypting means being said common family key or shared secret key encryption which is known to be vulnerable to a single point of attack, a second example pass-thru encrypting means being a single unique originating vendor private key digital signaturing into 'signatured text (non-encrypted and readable by anybody)' and then the answer vendor's unique public key used for public key encryption on the trusted Web server assuming that the media ticket smart cards each have an entire common, embedded set of a unique vendor look-up table of both vendor public keys and vendor private keys with first organizational means involving several processes and components being a row and column look-up table indexed by unique vendor identification number, a third example pass-thru encrypting means being a unique vendor secret key used for secret key encryption (combined with secret-key signaturing) on the trusted Web server assuming that the media ticket smart cards each have an entire common, embedded set of a unique vendor look-up table of unique vendor secret keys with first organizational means being a row, column table indexed by a vendor identification number,

encrypting for Web upload from a media ticket smart card in a personal computer (PC) to a trusted Web system server using pass-thru encrypting return means involving several processes and components for transferring any type of closed-loop, feed-back path digital data securely from a trusted system destination, from a trusted media ticket smart card inserted into a personal computer (PC) over the wiretapable ('red bus') Internet back to the trusted Web server, with a first example pass-thru encrypting return means being said common family key or shared secret key encryption which is known to be vulnerable to a single point of attack, a second example pass-thru encrypting return means assuming that each media ticket smart card has an entire common, embedded, said look-up table of unique vendor public keys and private keys, being an answer vendor's private key digital signaturing to 'signatured text (non-encrypted text thus readable by any party)' followed by the unique originating vendor's public key for public key encryption to 'cipher-text (encrypted text)' with use of the pre-embedded in each media ticket smart card, common look-up table of unique vendor public key and matching private keys with organizational means involving several processes and components such as first organizational means being the row, column table indexed by a vendor identification number, a third example pass-thru encrypting return means being said pre-embedded common look-up table of unique vendor secret keys with organizational means involving several processes and components with first organizational means being the row, column table indexed by a vendor identification number,

accounting by credit card if payment for the custom encrypted digital media is due to the media distribution vendor,

cryptographing from a media distribution vendor's secure media web server to a customer party A's personal computer (PC) using prior art, commercial, low security, secure sockets layer hybrid key cryptography of already pass-thru encrypted with incremented sequence numbers (to prevent recorded replay attacks), encrypted play codes (one-time secret keys or session keys) with header and encrypted play counts (paid for counts of plays or decryptions or else counts of free trial plays) with header for deposit into media ticket smart cards attached to built-in media ticket smart card readers,

cryptographing from a media distribution vendor's secure media Web server to a customer party A's personal computer (PC) using prior art, commercial, low security, secure sockets layer hybrid key cryptography of already custom encrypted digital media for deposit into physical media inserted into built-in media drives.
PROCESS STEP 39. The invention and processes of claim 29 whereby the process of or method of steps to do delivering by foot which is the process done by the customer, party A, of physically transferring both physical custom encrypted digital media and the customer, party A's, programmed media ticket smart cards from the customer's, party A's, personal computer (PC) to any person's provided, cryptographic media player with a built-in provided, media ticket smart card reader, which consists of the sub-steps of:

transporting his own custom encrypted digital media to any cryptographic media player along with his own media ticket smart card A,

inserting of his own custom encrypted digital media and his own media ticket smart card A into any cryptographic media player with a built-in media ticket smart card reader.
PROCESS STEP 40. The invention of claim 29 whereby the process of or method of steps to do said encrypting in a pass-thru means which involves several other processes for media ticket smart card upload to provided said cryptographic media player having an embedded, provided said cryptographic digital signal processor (C-DSP) means using pass-thru encrypting means involving several processes and components for transferring any type of digital data securely from originating said media ticket smart card up to answering said cryptographic digital signal processor (C-DSP) means, with a first example pass-thru encrypting means being said common family key or shared secret key encryption which is known to be vulnerable to a single point of attack, a second example pass-thru encrypting means being originate vendor, unique, vendor private key digital signaturing to 'signatured-text (not encrypted text thus readable by any party)' followed by answering vendor, unique, vendor public key digital public key encryption to 'cipher-text (encrypted text)' using said pre-embedded, common look-up table of unique vendor public key and matching private keys with organizational means involving several processes and components such as first organizational means being a row, column table indexed by a vendor identification number, a third example pass-thru encrypting means being originate vendor, unique, vendor secret key encryption to 'cipher-text (encrypted text which combines signaturing)' using said pre-embedded common look-up table of unique vendor secret keys with organizational means involving several processes and components with first organizational means being a row, column table indexed by a vendor identification number.
PROCESS STEP 41. The invention of claim 29, whereby the process of or method of steps to do said encrypting in a pass-thru return means for said cryptographic media player's embedded said cryptographic digital signal processor (C-DSP) means download to said media ticket smart card using pass-thru encrypting return means involving several processes and components for transferring any type of digital data securely from said cryptographic digital signal processor (C-DSP) means to said media ticket smart card with a first example pass-thru encrypting return means being common family key or shared secret key encryption which is known vulnerable to a single point of failure, second example pass-thru encrypting return means being answer vendor unique private key digital signaturing to 'signatured-text (non-encrypted thus readable by any party)' followed by originate vendor unique public key encryption to 'cipher-text (encrypted text)' using said pre-embedded, common look-up table of unique vendor public key and matching private keys with organizational means involving several processes and components such as first organizational means being the row, column table indexed by a vendor identification number, a third example pass-thru encrypting return means being answer vendor unique secret key encryption to 'cipher-text (encrypted text which combines signaturing)' using said pre-embedded common look-up table of unique vendor secret keys with organizational means involving several processes and components with first organizational means being the row, column table indexed by a vendor identification number,
PROCESS STEP 42. The invention and processes of claim 29 whereby the process of or method of steps to do initializing before playing which is the process done by the customer, party A, of preparing any party's provided cryptographic media player with its provided embedded cryptographic digital signal processor (C-DSP) means by inserting his own unique custom encrypted digital media, and also by inserting his own unique media ticket smart card, accomplished by the sub-steps of:

verifying of insertion by some customer of some custom session key (one-time secret key) encrypted media into the cryptographic media player's media drive,

verifying of insertion by some customer of some media ticket smart card A into the built-in media ticket smart card reader on the cryptographic media player,
PROCESS STEP 43. The invention and processes of claim 42, identifying of a high security application in need of a high degree of authentication of the customer, where high security needs are more important than customer extra time and extra effort, which consists of the sub-steps of:

programming at the factory for a dedicated, high security application such as but not limited to dedicated high-security applications such as: government use, banking, credit smart card transactions, debit smart card applications, automatic teller machines (ATM cards), high security facility card key access, vs. consumer digital media entertainment by pre-programming an embedded security level pre-determined digital field code for the smart card application,

prompting by the cryptographic media player of some customer to enter his access code through a first means such as a built-in cryptographic alphanumeric toggle field with liquid crystal display (LCD) with a minimum of one-line display, or through a second means of a computer keyboard, or through a third means of a biological identification (bio-id) reader with example means being a digital fingerprint reader,
PROCESS STEP 44. The invention and processes of claim 43, 42 whereby the process of or method of steps to do authenticating by customer triangle authentication which is the process done by provided said cryptographic media player and its provided embedded said cryptographic digital signal processor (C-DSP) means which process step may be skipped only for relative, low security applications, only when customer time and effort is of essence, accomplished through the sub-steps of:

identifying of a relative, low security application, by firstly, having to read said play code from the inserted custom digital media in order to decrypt said play code, using standard cryptography procedures thus obtaining the custom encrypted, by use of said media distribution vendor created custom said play codes, digital media secure content header, used to determine relative low security applications, vs. relative medium security applications, only where customer time and effort is more critical than customer security.
PROCESS STEP 45. The invention and processes of claim 29 whereby 
the process of or method of steps to do transferring of the 
cryptographic keys from provided said media ticket smart card to 
provided said cryptographic media player with its provided embedded 
said cryptographic digital signal processor (C-DSP) means by said 
encrypting, using pass-thru encryption means for the upload of digital 
data from said media ticket smart card to provided said cryptographic 
digital signal processor (C-DSP) means over wiretapable or open 
computer buses ('red buses'), which is the process done by the 
provided cryptographic media player to receive encrypted play codes 
with header and encrypted play counts with header from the media 
ticket smart card n, which are pass-thru encrypted by the several 
pass-thru encryption means involving several processes and components 
for transfer over wiretapable computer buses ('red buses') to the 
player's own cryptographic memory (TNV-EEPROM) for access by its 
cryptographic digital signal processor (C-DSP) means, with said first 
example pass-thru encryption means being the common family key 
encryption vulnerable to a single point of attack, a said second 
example pass-thru encryption means being the pre-embedded, common 
look-up table of vendor private keys and matched public keys which 
uses a family key encrypted, common table index for efficient active 
table entry access, a said third means of pass-thru encryption being 
the unique vendor secret key encryption with use of a common look-up 
table of vendor secret keys which uses a family key encrypted, common 
table index or vendor ID number for efficient active table entry 
access, comprising of the sub-steps of: 

requesting by the cryptographic digital signal processor (C-DSP) 
means sending a request digital code to the media ticket smart card 
A to request return of a predetermined digital message code, or 
else cryptographic key data which is pass-thru encrypted by various 
means, with first pass-thru encryption means being the common system 
family key (fak-F), which is a known weak point in the system if the 
shared family key is breached, second pass-thru encryption means 
being a specific vendor's private key (prk-Vn) encryption done by 
the media ticket smart card which is pre-programmed with a common, 
pre-embedded vendor key look-up table using a family key encrypted 
index for efficiency in processing on the other end, thus it is 
preceded by a family key (fak) encrypted index to the pre-embedded, 
common vendor key look-up table for fast table look-up of the 
matching vendor public key also pre-programmed in the cryptographic 
digital signal processor (C-DSP) means on the other end, 

transferring by the media ticket smart card n to the 
cryptographic digital signal processor (C-DSP) means of said return 
pre-determined digital message code or else said requested 
cryptographic keys, comprising of customer private key (prk-n), 
encrypted play codes (session keys or one-time secret keys) with 
header, encrypted play counts (paid for numbers of plays, -1 for 
infinite plays, or counts of free trial plays) with header, all with 
sequence numbers to prevent recorded replay attacks, 

decrypting by the cryptographic digital signal processor (C-DSP) 
means of the returned, pass-thru encrypted cryptographic keys from 
the media ticket smart card using its pass-thru encryption means, 
with first pass-thru encryption means being the trusted family key 
(which is vulnerable to leakage) to decrypt the pass-thru encrypted 
cryptographic keys, second pass-thru encryption means being the 
unique vendor public key which is pre-programmed using an embedded, 
common vendor key look-up table for all vendors into the 
cryptographic digital signal processor (C-DSP) means and is 
preceded by a family key (fak) encrypted index to said vendor key 
look-up table for efficient table look-up without search time, 

verifying by the cryptographic digital signal processor (C-DSP) 
means of incremented sequence numbers used to prevent a recorded 
replay attack (instead of requiring synchronized system clocks and 
time-stamped data) in the cryptographic keys returned from the 
media ticket smart card in order to prevent recorded replay attacks, 
which is the sub-step done by the cryptographic digital signal 
processor (C-DSP) means using its locally cryptographically stored 
trusted family key (fak-F), customer private key (prk-n) retrieved 
from the customer's media ticket smart card, vendor public key 
(puk-Vn), and vendor secret key (sek-Vn) retrieved from local 
cryptographic memory (TNV-EEPROM), to pass-thru decrypt the 
sequence numbers and check for an incremented value over the 
previous values stored in local cryptographic memory (only an 
authorized cryptographic media player can increment the sequence 
number before storage, as only an authorized vendor or an authorized 
cryptographic media player has the cryptographic keys 
to alter a sequence number), 

storing by the cryptographic digital signal processor (C-DSP) 
means in its own local cryptographic memory (TNV-EEPROM) of the 
media ticket smart card's verified and decrypted cryptographic keys 
composed of the customer's private key, prk-n, decrypted play count 
with header, and decrypted play code with header, in its own local 
tamper resistant, non-volatile memory (TNV-EEPROM); this process 
must be followed by, 

incrementing of sequence number function done by the 
cryptographic digital signal processor (C-DSP) means, and an 
opposite direction transferring function by the cryptographic 
digital signal processor (C-DSP) means to the media ticket smart 
card of the updated cryptographic keys with incremented sequence 
number in order to avoid their rejected use in the future, 

n-way committing of the previous sub-step to ensure sub-step 
completion in the event of unexpected circumstances such as but not 
limited to: power outages, prematurely customer-withdrawn smart 
cards, and hardware failures; furthermore, failure to minimum 2-way 
commit the above sub-step will completely void the entire 
operational step before anything is given the system go-ahead. 
PROCESS STEP 46. The invention and processes of claim 29 whereby 
the process of or method of steps to do transferring of the 
cryptographic keys away from provided said cryptographic media player 
and its embedded, provided said cryptographic digital signal processor 
(C-DSP) means to provided said media ticket smart card by said 
encrypting using pass-thru return means for the download of digital 
data from the provided cryptographic digital signal processor (C-DSP) 
means to the provided media ticket smart card over wiretapable or 
open computer buses ('red buses'), which is the process done by the 
provided cryptographic media player, which keys are pass-thru 
encrypted by the several pass-thru encryption means for transmit 
using its provided cryptographic digital signal processor (C-DSP) 
means, the encrypted play codes with header and encrypted play counts 
with header both with provided cryptographic digital signal processor 
(C-DSP) means incremented sequence counts (to avoid recorded replay 
attacks without the use of synchronized digital clocks) to the media 
ticket smart card A transferred over wiretapable computer buses, with 
said first example pass-thru encryption means being the common family 
key encryption vulnerable to a single point of attack, a said second 
example pass-thru encryption means being the pre-embedded, common 
look-up table of vendor private keys and matched public keys which 
uses a family key encrypted, common table index for efficient active 
table entry access, a said third means of pass-thru encryption being 
the unique vendor secret key encryption with use of a common look-up 
table of vendor secret keys which uses a family key encrypted, common 
table index or vendor ID number for efficient active table entry 
access, comprising of the sub-steps of: 

transferring by pass-thru encrypting means by the cryptographic 
digital signal processor (C-DSP) means to the media 
ticket smart card with first example pass-thru encryption means 
being common family key encryption, which is known as being 
vulnerable to system breaching, and second example pass-thru 
encryption means using a unique vendor public key for encryption 
which is first identified by a family key encrypted index to a pre-
embedded, common vendor public key and private key look-up table, 
which furthermore enables the unique and matching vendor private 
key table look-up on the receiving end; furthermore, pass-thru 
encryption means is used in the process of transferring 
cryptographic keys comprising of customer private key (prk-n), 
encrypted play codes with header, encrypted play counts with 
header, all with already incremented customer (family key) sequence 
numbers from itself to the media ticket smart card, 

decrypting of pass-thru encrypted means for cryptographic key 
transfer by the media ticket smart card which is the process done 
in first example pass-thru decryption means by using its trusted 
family key, and second example pass-thru decryption means being the 
use of said unique vendor public key which is identified for 
efficiency by said family key encrypted index, to decrypt the pass-
thru encrypted cryptographic keys from the cryptographic digital 
signal processor (C-DSP) means, 

verifying of incremented customer (family key) sequence numbers 
to prevent recorded replay attacks which is the sub-step done by 
the cryptographic micro-processor (C-uP) embedded inside of the 
media ticket smart card using its local cryptographically stored 
(TNV-EEPROM) pass-thru encryption means, first pass-thru encryption 
example means of a trusted family key, fak-F, and second example 
pass-thru encryption means example of a single (vulnerable to 
breaching), pre-stored, family key (fak-F) indexed set of all vendor 
keys to efficiently retrieve the unique matching vendor public key 
to the unique vendor private key used, with pass-thru decryption 
means used to pass-thru decrypt the play code with header (and 
sequence numbers): 

removing the message authentication code (MAC code) of the 
public vendor identification number, 

removing the session identification number, 

removing the customer (pass-thru encryption use) sequence 
number, 

leaving the last to first by initial vendor media 
distribution center operation, customer public key encrypted, 
vendor secret key encrypted, vendor digitally signed both of 
play code and vendor sequence number, 

checking by the media ticket smart card for an incremented 
customer (pass-thru encryption use) sequence number to prevent a 
recorded replay attack, 

storing by the cryptographic micro-processor (C-uP) embedded 
inside of the media ticket smart card of the pass-thru decrypted 
keys including the customer's private key, PrK-n, decrypted updated 
play count with header, and decrypted play code with header, all 
with updated sequence numbers, in local tamper resistant 
non-volatile memory (TNV-EEPROM), 

returning of error status from the media ticket smart card's 
cryptographic micro-processor (C-uP) back to the cryptographic 
digital signal processor (C-DSP) means which are the sub-steps of 
the media ticket smart card composing a pre-determined digital 
error warning code or normal status warning with the looped back 
sequence number which is pass-thru encrypted and returned to the 
cryptographic digital signal processor (C-DSP) means. 
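The card-to-player upload of process step 45, the return leg of process step 46 and the 2-way commit that closes both, as an added example rather than text from the application: a Python simulation of both ends of the red bus using only the family key pass-thru means (the claim's first example means). The toy cipher, the 32-byte family key, the message layout and the sample key material are assumptions of this example; the application names no algorithm, key length or wire format.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the shared system family key (fak-F).  The claim
# gives no algorithm or key length; 32 bytes is an assumption of this example.
FAMILY_KEY = bytes(range(32))
NONCE_LEN, TAG_LEN = 8, 32


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for the unspecified pass-thru cipher:
    SHAKE-256(key || nonce) keystream XORed into data.  Demo only."""
    ks = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def pass_thru_encrypt(key: bytes, seq: int, payload: bytes) -> bytes:
    """Red-bus message: nonce || E(seq || payload) || HMAC-SHA256 tag.
    The sequence number travels inside the ciphertext, as the claim has it."""
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + keystream_xor(key, nonce, seq.to_bytes(4, "big") + payload)
    return body + hmac.new(key, body, hashlib.sha256).digest()


def pass_thru_decrypt(key: bytes, msg: bytes) -> tuple:
    """Check the tag first, then undo the cipher; returns (seq, payload)."""
    body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("tag mismatch: message altered on the red bus")
    plain = keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:])
    return int.from_bytes(plain[:4], "big"), plain[4:]


class Endpoint:
    """Either end of the bus (card C-uP or player C-DSP).  'eeprom' models
    TNV-EEPROM keyed by the peer's identification number; 'staged' holds a
    verified update that has not yet been committed."""

    def __init__(self, name: str):
        self.name = name
        self.eeprom = {}   # peer_id -> {"seq": int, "keys": bytes}
        self.staged = {}

    def provision(self, peer_id: str, seq: int, keys: bytes) -> None:
        self.eeprom[peer_id] = {"seq": seq, "keys": keys}

    def last_seq(self, peer_id: str) -> int:
        return self.eeprom.get(peer_id, {"seq": -1})["seq"]

    def receive(self, peer_id: str, msg: bytes) -> tuple:
        seq, keys = pass_thru_decrypt(FAMILY_KEY, msg)
        if seq <= self.last_seq(peer_id):   # not incremented: recorded replay
            raise ValueError(f"{self.name}: replay, seq {seq} not above stored")
        self.staged[peer_id] = {"seq": seq, "keys": keys}
        return seq, keys

    def commit(self, peer_id: str) -> None:
        self.eeprom[peer_id] = self.staged.pop(peer_id)

    def abort(self, peer_id: str) -> None:
        self.staged.pop(peer_id, None)


def card_upload(card: Endpoint) -> bytes:
    """Step 45: the card sends its keys under the next sequence number."""
    rec = card.eeprom["player"]
    return pass_thru_encrypt(FAMILY_KEY, rec["seq"] + 1, rec["keys"])


def transfer_keys(card: Endpoint, player: Endpoint, card_withdrawn: bool = False) -> tuple:
    """Steps 45 and 46 with the 2-way commit.  Returns (card_seq, player_seq)
    as stored in the two TNV-EEPROMs afterwards: both advance on success,
    neither changes if the card is withdrawn before the commit."""
    seq, keys = player.receive("card", card_upload(card))
    # step 46: player increments the sequence number and mirrors the keys back
    player.staged["card"] = {"seq": seq + 1, "keys": keys}
    ret = pass_thru_encrypt(FAMILY_KEY, seq + 1, keys)
    if card_withdrawn:                      # return leg never lands
        player.abort("card")
        return card.last_seq("player"), player.last_seq("card")
    card.receive("player", ret)             # card checks seq + 1 > its stored value
    card.commit("player")                   # 2-way commit: both or neither
    player.commit("card")
    return card.last_seq("player"), player.last_seq("card")


def replay_is_rejected(card: Endpoint, player: Endpoint) -> bool:
    """An attacker taps the bus, records one upload, lets the real step
    finish, then resends the recording.  True if the player refuses it."""
    recorded = card_upload(card)
    transfer_keys(card, player)
    try:
        player.receive("card", recorded)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    card, player = Endpoint("card"), Endpoint("player")
    card.provision("player", 7, b"prk-n|play code|play count")  # constructed
    print(transfer_keys(card, player))
    print(replay_is_rejected(card, player))
```

Two things the simulation makes visible that the claim leaves implicit: a player that has never seen a given card has no stored value to compare against, so its very first transfer from that card accepts any recorded upload; and the shared family key is the only secret in play, so whoever extracts it from one device can forge every message on every bus, which is the single point of attack the claim itself concedes.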
PROCESS STEP 47. The invention and processes of claim 29 whereby the 
process of or method of steps to do authenticating using media triangle 
authentication which is the process of matching custom digital media 
with matching unique play codes by the method of media triangle 
authentication which is the process done by provided said 
cryptographic media player's embedded, provided said cryptographic 
digital signal processor (C-DSP) means doing digital media triangle 
authentication using sample reads of test data with successful 
decryption, accomplished through the sub-steps of: 

initializing before playing by the customer, party A, of the 
cryptographic digital signal processor (C-DSP) means through the 
process of claim 42, 

authenticating by customer triangle authentication by the 
cryptographic digital signal processor (C-DSP) means through the 
process of claim 44, 

reading by the cryptographic digital signal processor (C-DSP) 
means of the custom encrypted digital media to obtain the public 
vendor identification number and session identification number of 
the particular media, indexed by cryptographic digital signal 
processor (C-DSP) means identification number: 

    public vendor identification number [MAC[VIN]], 
    session identification number, 
    play code encrypted digital media, 

encrypting by the cryptographic digital signal processor (C-DSP) 
means using pass-thru encryption means with the first example pass-
thru encryption means (vulnerable to system breaching) being the 
system family key, fak-F, family key encryption, and the second 
example pass-thru encryption means being the unique vendor private 
key encryption with the additional family key encryption of an 
index used for efficiency to a pre-embedded, common look-up table 
of vendor public and private keys; furthermore, with all pass-thru 
encryption means, the media's public vendor identification number 
and session identification number are used with an incremented 
sequence number to prevent recorded replay attacks, 

transferring by the cryptographic digital signal processor (C-
DSP) means to the media ticket smart card inserted into a built-in 
media ticket smart card reader of the media's pass-thru encrypted 
public vendor identification number and session identification 
number with an incremented sequence number, 

decrypting by the media ticket smart card using pass-thru 
decryption means with first example pass-thru decryption means 
using said system family key, fak-F, and second example pass-thru 
decryption means using said unique vendor public key which is 
efficiently table look-up processed on the receiving end using the 
family key encrypted index to the common, pre-stored vendor key 
table; furthermore, the pass-thru encryption means are used on the 
media's public vendor identification number and session 
identification number with an incremented sequence number to 
prevent recorded replay attacks, 

verifying by the media ticket smart card against recorded replay 
attacks in the decrypted data by checking for an incremented 
sequence number over the local cryptographic memory (TNV-EEPROM) 
stored previous recorded sequence number, access indexed with the 
same cryptographic digital signal processor (C-DSP) means 
identification number, 

retrieving by the media ticket smart card n from its local 
cryptographic memory, in the public vendor identification number 
table, the session identification number of the matching encrypted 
play codes with header and encrypted play counts with header plus 
its own customer private key, prk-a, 

notifying by the media ticket smart card back to the 
cryptographic digital signal processor (C-DSP) means of a custom 
encrypted digital media to media ticket smart card pre-determined 
digital code for a mismatch error status going back if the public 
vendor identification number and session identification number 
search produces no matches in local cryptographic memory (TNV-
EEPROM), 

decrypting by the cryptographic digital signal processor (C-DSP) 
means always in the exact reverse order of encryption in order to 
mathematically undo encryption operations in the proper sequential 
order using pass-thru decryption means, with first example pass-
thru encryption means being the common system family key, fak-F, 
and second example pass-thru encryption means being the unique 
vendor public key with a family key encrypted index to a pre-
embedded, common look-up table of vendor public and private keys 
for efficient table look-up, and decryption using the vendor 
private key, prk-Vn, and vendor secret key, sek-Vn, out of the set 
of all vendor public keys and vendor secret keys retrieved from 
local cryptographic memory by the cryptographic digital signal 
processor (C-DSP) means, used upon the customer's encrypted play 
code with header, play count with header, and private key, prk-a, 
with sequence number to prevent recorded replay attacks, 

verifying against recorded replay attacks by the cryptographic 
digital signal processor (C-DSP) means by checking for an 
incremented sequence number over the previous recorded sequence 
number access of the same media ticket smart card held in local 
cryptographic memory (TNV-EEPROM), 

incrementing by the cryptographic digital signal processor (C-
DSP) means of the customer (family key) sequence number received 
from the media ticket smart card, 

encrypting by the cryptographic digital signal processor (C-DSP) 
means using pass-thru encryption means, with first example pass-thru 
encryption means being the system family key, fak-F, and second 
example pass-thru encryption means being the unique vendor private 
key with a family key encrypted index to a table of vendor keys for 
efficiency, of the media ticket smart card's retrieved encrypted 
private key, prk-a, encrypted play codes with header, and encrypted 
play counts with header, all with an incremented sequence number to 
prevent recorded replay attacks, 

transferring using pass-thru encrypting means by the 
cryptographic digital signal processor (C-DSP) means to the media 
ticket smart card of the updated cryptographic keys comprising of 
customer party A's private key, prk-a, encrypted play codes 
(session keys or one-time secret keys) with header and encrypted 
play counts (paid for numbers of plays, -1 for infinite plays, or 
counts of free trial plays) with header and all with sequence 
numbers by the process of claim 40, 

authenticating of the media triangle authentication by the 
cryptographic digital signal processor (C-DSP) means which is the 
sub-step done by the cryptographic digital signal processor (C-DSP) 
means inside of the cryptographic media player decrypting a sample, 
known test pattern of the digital media by using the decrypted play 
code (session key or one-time secret key) stored inside of local 
cryptographic memory (TNV-EEPROM) inside of the cryptographic 
digital signal processor (C-DSP) means, also with using the vendor's 
public key, puk-Vn, and vendor's secret key, sek-Vn, in order to 
undo the pass-thru encrypting means processes of claim 40, using 
the following data structures: 

unique vendor and customer play count with media header (and 
sequence number) is: 

    ( 
    public vendor identification number [MAC[VIN]], 
    session identification number, 
    customer A public key encrypted 
        (vendor secret key encrypted 
            (vendor private key digitally signed 
                (play count, sequence number))), 
    customer (pass-thru encryption use) sequence number, 
    ) = temp-16a, 

vendor pass-thru encrypted play count with media header (and 
sequence numbers) is: 

    family key (temp-16a) = temp-16b, 

unique vendor and customer play code with media header (and 
sequence numbers) is: 

    ( 
    public vendor identification number [MAC[VIN]], 
    session identification number, 
    customer A public key encrypted 
        (vendor secret key encrypted 
            (vendor private key digitally signed 
                (play code, sequence number))), 
    customer (pass-thru encryption use) sequence number, 
    ) = temp-16c, 

vendor family key encrypted or pass-thru encrypted means of the 
play code with media header and sequence number is: 

    family key (temp-16c) = temp-16d, 

and then using the decrypted play code, also known as a session key 
or one-time secret key, for decrypting the custom encrypted digital 
media, which known sample data area will only decrypt properly to a 
known test pattern with the proper untampered-with play code, 

authenticating with media triangle authentication by the 
cryptographic digital signal processor (C-DSP) means of the 
following points: 

    point 1 of custom encrypted digital media A, to 

    point 2 of media ticket smart card A, to 

    point 3 of authorized cryptographic media player. 

PROCESS STEP 48. The invention and processes of claim 29 whereby 
the process of or method of steps to do cryptographing using hybrid 
key cryptography which is the process done by provided said 
cryptographic media player with its provided, embedded said 
cryptographic digital signal processor (C-DSP) means using hybrid key 
cryptography, which is the process of using hybrid key cryptography 
which uses public key cryptography to authenticate remote parties, do 
digital signatures to authenticate digital media and establish media 
integrity with a remote party, and encrypt one-time secret keys known 
as session keys (ssk-n), used for only one session, which said 
session keys are sent to a remote party who decrypts them for storage 
in his own tamper resistant, non-volatile memory (TNV-EEPROM) 
embedded on his black cryptographic computing unit in the example of 
the prior art cryptographic digital signal processor (C-DSP) means, 
which said session keys may be later stored in tamper resistant non-
volatile memory (TNV-EEPROM) embedded in a media ticket smart card 
where they are referred to as play codes with paid for and authorized 
play counts, accomplished through the sub-steps of: 

authenticating of play code digitally signed by the authorized 
media distribution vendor's private key to the cryptographic 
digital signal processor (C-DSP) means which is the sub-step done 
by the cryptographic digital signal processor (C-DSP) means which 
holds the complete public key set of all authorized media 
distribution vendors, retrieving the play code from the media 
ticket smart card A and using the correct vendor public key to 
decrypt the session key which was digitally signed by the vendor 
private key, to reveal the decrypted session key ready for use on 
the custom encrypted digital media, 

decrypting of the custom encrypted digital media which is the 
sub-step done by the cryptographic digital signal processor (C-DSP) 
means using the decrypted session key (one-time secret key) for 
secret key decrypting means involving one or more processes and 
components, with the first example secret key decrypting means 
being slower, software algorithm secret key cryptographing, and the 
second example secret key cryptographing means being fast, hardware 
secret key cryptographing, with both example decrypting means 
loading the session key or one-time use only secret key into the 
cryptographic digital signal processor's (C-DSP's) hardware secret 
key unit which can decrypt the custom encrypted digital media. 
PROCESS STEP 49. The invention and processes of claim 48 whereby 
the process of or method of steps to do public key cryptographing 
which is the process done by provided said cryptographic media 
player and its provided, embedded said cryptographic digital signal 
processor (C-DSP) means accomplished through the sub-steps of: 

authenticating of play code digitally signed by the use of the 
unique and appropriate authorized media distribution vendor's 
private key which is pre-stored before factory release of the 
hardware chip in a common look-up table in the cryptographic 
digital signal processor (C-DSP) means, which is the sub-step done 
by the cryptographic digital signal processor (C-DSP) means which 
holds the complete, pre-embedded, common look-up table, vendor 
indexed, private key and public key set of all authorized media 
distribution vendors, which cryptographic digital signal processor 
(C-DSP) means uses pass-thru encrypting process 45 43 and pass-thru 
encrypting return process 46 44, to first retrieve the play code 
from the media ticket smart card A, for customer party A, and pass-
thru decrypt the play code, and then uses the correct vendor public 
key from the pre-embedded, common look-up table, vendor indexed, 
vendor private key and public key set of all authorized media 
distribution vendors, to digital signature verify the presently 
non-cipher text or presently signatured text of the unique session 
key, which was already digitally signed by the use of the unique 
media distribution vendor private key at downloading to customer A 
of process 38 33, also called media distribution time, to reveal 
the decrypted session key ready for use on the custom encrypted 
digital media. 
PROCESS STEP 50. The invention or processes of claim 48 whereby the 
process of or method of steps to do secret key cryptographing which 
is the process done by provided said cryptographic media player with 
its embedded, provided said cryptographic digital signal processor 
(C-DSP) means through certain applicable sub-steps selected from the 
group consisting of: 

decrypting of the custom encrypted digital media using software 
algorithm, slower, double secret key cryptographing, which is the 
sub-step done by the cryptographic digital signal processor (C-DSP) 
means using the decrypted session key (one-time secret key) from 
the matching unique play code for slower, software algorithm 
implemented by firmware computer program secret key cryptography, 
without use of a silicon compiler designed, dedicated fast hardware 
secret key unit, by loading said decrypted session key or one-time 
secret key into the cryptographic digital signal processor's (C-
DSP) means which can software decrypt the custom encrypted digital 
media, furthermore, with exactly analogous firmware secret key 
decryption using the unique vendor secret key, and, 

decrypting of the custom encrypted digital media which is 
actually double secret key encrypted, first with the unique 
originating vendor secret key and secondly with the unique customer 
session key or one-time use only secret key, using a silicon 
compiler designed duo-unit specifically doing fast, hardware 
double secret key cryptographing, which is the sub-step done by the 
cryptographic digital signal processor (C-DSP) means using the 
unique customer decrypted session key (one-time secret key) from 
the unique relevant play code for fast, hardware secret key 
cryptographing by loading said decrypted session key or one-time 
secret key into the cryptographic digital signal processor's (C-
DSP) means, silicon compiler designed, prior art, specific hardware 
secret key unit which can fast hardware decrypt the custom 
encrypted digital media, followed in an exactly similar manner by 
the hardware loading of the unique vendor secret key. 
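The known-test-pattern sample read of process step 47 and the double secret key decryption of process step 50, as an added example rather than text from the application: a Python model of media that the vendor encrypted first under its secret key and then under the customer's session key, which the player undoes in the exact reverse order. The byte-chained toy cipher, the 16-byte test pattern at offset 0 and every key value are assumptions of this example; the application specifies neither the cipher nor where the sample area lies. The chaining is there so that the order of the two layers matters, which a plain XOR keystream would hide.

```python
import hashlib

# Constructed keys and data; the claim names no cipher, key size or sample
# area, so everything here is an assumption of this example.
VENDOR_SECRET_KEY = b"sek-Vn: vendor secret key"   # pre-stored in the C-DSP
PLAY_CODE = b"ssk-n: customer session key"         # from the media ticket card
TEST_PATTERN = bytes(range(16))                    # known sample at offset 0
MEDIA = b"MPEG frames of the actual content follow the test pattern"


def chain_encrypt(key: bytes, data: bytes) -> bytes:
    """Toy byte-chained cipher: each keystream byte depends on the previous
    ciphertext byte, so two layers do not commute.  Demo only."""
    out, prev = bytearray(), b"\x00"
    for b in data:
        c = b ^ hashlib.sha256(key + prev).digest()[0]
        out.append(c)
        prev = bytes([c])
    return bytes(out)


def chain_decrypt(key: bytes, data: bytes) -> bytes:
    """Inverse of chain_encrypt; a prefix decrypts on its own."""
    out, prev = bytearray(), b"\x00"
    for c in data:
        out.append(c ^ hashlib.sha256(key + prev).digest()[0])
        prev = bytes([c])
    return bytes(out)


def vendor_custom_encrypt(media: bytes, sek: bytes, ssk: bytes) -> bytes:
    """Distribution time: vendor secret key first, customer session key
    second (the order step 50 states), over test pattern plus content."""
    return chain_encrypt(ssk, chain_encrypt(sek, TEST_PATTERN + media))


def player_double_decrypt(custom: bytes, sek: bytes, ssk: bytes) -> bytes:
    """Exact reverse order: session key layer off first, vendor layer second."""
    return chain_decrypt(sek, chain_decrypt(ssk, custom))


def wrong_order_decrypt(custom: bytes, sek: bytes, ssk: bytes) -> bytes:
    """What a player gets if it undoes the layers in encryption order."""
    return chain_decrypt(ssk, chain_decrypt(sek, custom))


def media_triangle_check(custom: bytes, sek: bytes, play_code: bytes) -> bool:
    """Step 47 sample read: decrypt only the sample area and compare it with
    the known pattern, without touching the rest of the media."""
    sample = player_double_decrypt(custom[:len(TEST_PATTERN)], sek, play_code)
    return sample == TEST_PATTERN


def play(custom: bytes, sek: bytes, play_code: bytes) -> bytes:
    """Refuse to decompress anything unless the sample read authenticates;
    otherwise return the content with the test pattern stripped."""
    if not media_triangle_check(custom, sek, play_code):
        raise ValueError("media triangle authentication failed: "
                         "wrong or tampered play code")
    return player_double_decrypt(custom, sek, play_code)[len(TEST_PATTERN):]


if __name__ == "__main__":
    custom = vendor_custom_encrypt(MEDIA, VENDOR_SECRET_KEY, PLAY_CODE)
    print(media_triangle_check(custom, VENDOR_SECRET_KEY, PLAY_CODE))
    print(play(custom, VENDOR_SECRET_KEY, PLAY_CODE) == MEDIA)
```

The sample read is cheap because only the first 16 bytes are decrypted; it catches a wrong or altered play code before any content leaves the secret key unit, and, with a non-commuting cipher, also catches a player that loads the two keys in the wrong order.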
PROCESS STEP 51. The invention or process of claim 50 whereby the 
process of secret key cryptographing uses standardized algorithm 
means involving several processes and components, of a first algorithm 
means being older and field and time proven but of growing 
obsolescence, bit oriented (approximately ten to one-hundred times 
faster when executed in a dedicated bit-manipulative digital hardware 
silicon compiler designed library component unit), US patented 
(expired), IBM Data Encryption Standard (DES), which comes in several 
modes and secret key strengths measured in key bit-length, and a 
second algorithm means being a newer algorithm, unproven in both 
field and time trials, a byte (8-bit) oriented, Advanced Encryption 
Standard (AES) cipher which was designed for faster software 
algorithm implementation, and scalability of the bit-length of 
increasing key strength with time to deter scalable computing attacks 
on a fixed secret key length, and a third example secret key 
algorithm means being newer, field and time proven, fixed secret key 
length, IDEA (R), under European patent. 
PROCESS STEP 52. The invention and processes of claim 29 whereby 
the process of or method of steps to do accounting by said 
cryptographic media player with its provided, embedded said 
cryptographic digital signal processor (C-DSP) means which is the 
process done by the provided cryptographic media player using hybrid 
key cryptography digital media playing of one-way transfer of custom 
session key encrypted digital media owned by party n in a controlled 
access manner mostly for financial accounting purposes which uses the 
play codes (session key or one-time secret key) and play counts (paid 
for number of plays or count of free trial plays) contained in media 
ticket smart cards, accomplished through the sub-steps of: 

authenticating step, done in high security applications, which 
sub-process step is simply skipped as being unnecessary in low 
security applications for citizen/customer time and effort 
consideration, of customer triangle authenticating using the 
process of claim 47 of: 

    point 1 of customer A, to 

    point 2 of media ticket smart card A, to 

    point 3 of cryptographic media player, 

authenticating of the media triangle authenticating by the 
process of claim 44 consisting of: 

    point 1 of one-way transfer of custom session key encrypted 
    digital media, to 

    point 2 of media ticket smart card A with appropriate play 
    codes and play counts, to 

    point 3 of cryptographic media player, 

notifying of the customer of any errors in the above two sub-
steps, 

transferring by the media ticket smart card to the 
cryptographic digital signal processor (C-DSP) means of the pass-
thru encrypting means of cryptographic keys comprising of customer 
private key (PrK-n), play count with header, and play code with 
header, all with sequence numbers, using the process of claim 40, 

verifying of decrypted play count greater than one which is the 
sub-step done by a cryptographic digital signal processor (C-DSP) 
means inside of a cryptographic media player checking the obtained 
decrypted play count for a greater than one number indicating 
authorized and paid for plays remaining, while a -1 value for a 
count can be a means of indicating an infinite number of plays, 

decrementing of play count which is the sub-step done by the 
cryptographic digital signal processor (C-DSP) means of 
decrementing of the play count, 

incrementing of customer (pass-thru encryption use) sequence 
number by the cryptographic digital signal processor (C-DSP) means 
to prevent recorded replay attacks, 

transferring by the cryptographic digital signal processor (C-
DSP) means to the media ticket smart card of the pass-thru 
encrypting return means of process 41 of the updated for sequence 
number cryptographic keys comprising of customer private key (PrK-
n), and the updated for sequence number and accounting decrements 
both the play count with header and the play code with header, all 
with incremented sequence numbers. 
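The accounting sub-steps of process step 52 (play count check, decrement, sequence number increment, and the card's acceptance of the returned record), as an added example and not text from the application: Python over a constructed card record, with the cryptographic wrapping of the transfer steps left out so that only the accounting logic is visible. Two points are this example's own choices rather than the claim's: a count of exactly one is treated as one remaining paid play (the claim text says "greater than one"), and the card additionally refuses a returned record whose play count went up, a check the claim does not mention.

```python
INFINITE_PLAYS = -1          # the claim's sentinel for unlimited plays


class AccountingError(Exception):
    """Raised to notify the customer, as step 52 requires, instead of playing."""


def plays_remain(play_count: int) -> bool:
    """-1 means unlimited; otherwise at least one paid or trial play must be
    left.  Treating exactly one as playable is this example's reading."""
    return play_count == INFINITE_PLAYS or play_count >= 1


def player_account_one_play(record: dict) -> dict:
    """C-DSP side: verify, decrement the count (unless infinite), increment
    the customer sequence number.  'record' is the pass-thru decrypted card
    content: {"play_code": bytes, "play_count": int, "seq": int}."""
    if not plays_remain(record["play_count"]):
        raise AccountingError("no authorized plays remain on this play code")
    updated = dict(record)
    if updated["play_count"] != INFINITE_PLAYS:
        updated["play_count"] -= 1
    updated["seq"] += 1
    return updated


def card_accept_update(stored: dict, returned: dict) -> bool:
    """C-uP side, on the return leg: the sequence number must have advanced
    (the claim's replay defence) and, as an assumed extra check, the count
    must not have grown and the play code must be the one the card holds."""
    if returned["seq"] <= stored["seq"]:
        return False
    if returned["play_code"] != stored["play_code"]:
        return False
    if stored["play_count"] != INFINITE_PLAYS and (
        returned["play_count"] == INFINITE_PLAYS
        or returned["play_count"] > stored["play_count"]
    ):
        return False
    return True


def run_plays(record: dict, attempts: int) -> tuple:
    """Drive 'attempts' play requests through player and card.
    Returns (plays_granted, final_play_count, final_seq)."""
    granted = 0
    for _ in range(attempts):
        try:
            updated = player_account_one_play(record)
        except AccountingError:
            break                       # customer notified, nothing changes
        if not card_accept_update(record, updated):
            raise AccountingError("card rejected the returned record")
        record = updated                # both sides now hold the new record
        granted += 1
    return granted, record["play_count"], record["seq"]


if __name__ == "__main__":
    paid = {"play_code": b"ssk-n", "play_count": 3, "seq": 10}       # constructed
    print(run_plays(paid, 5))
    unlimited = {"play_code": b"ssk-n", "play_count": -1, "seq": 10}
    print(run_plays(unlimited, 5))
```

Because the decrement happens in the player and the card only sees the result, the card-side monotonicity check is what stops a compromised player from writing back a larger count; the sequence number alone would accept that record as long as it was incremented.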
PROCESS STEP 53 The invention and processes of claim 29 whereby the process of or method of steps to do playing by provided, said cryptographic media player with its provided, embedded said cryptographic digital signal processor (C-DSP) means which is the process using hybrid key cryptography to do digital media playing in a controlled access manner using play codes (session key or one-time secret keys) and play counts (now contained within registers in provided, said cryptographic digital signal processor (C-DSP) means) and also the secret key decryption directly used upon the custom encrypted one-way transfer of custom session key encrypted digital media which is pre-unique vendor secret key encrypted, accomplished through the sub-steps of:

detecting of non-copyrighted commercial or home-made material through an absence of encryption through the use of media triangle authenticating of process 47 which will allow hardware decompression of standard form compressed digital media through prior art digital compression means such as Moving Picture Electronics Group X (MPEG X) for audio/video, Moving Picture Electronics Group Standards 1 Audio Layer 3 (MP3) for audio only, fast wavelet compression (Fraunhofer Institute of Germany), artificial digital degradation, and digital to analog conversion (DAC) for analog output while skipping the following sub-steps,

cryptographing by the cryptographic digital signal processor (C-DSP) means using hybrid key cryptography playing of the custom encrypted digital media using the process of claim 48 for the unique vendor secret key,

cryptographing by the cryptographic digital signal processor (C-DSP) means using hybrid key cryptography playing of the custom encrypted digital media using the process of claim 48 for the unique session key or one-time, only use, secret key obtained by said cryptographic digital signal processor (C-DSP) means from said unique play code or the pass-thru encrypted, unique decryption key (this is a very fast, double secret key decryption process which secures the decrypted ('plain text') digital masters to the exclusive knowledge of the unique media origination vendor who may or may not be the media distribution vendor) (remember that the unique encrypted ('cipher-text') digital media is completely useless without the corresponding matching said play code or decryption keys, and said non-zeroed remaining play, play count, or accounting charges),

accounting by the cryptographic digital signal processor (C-DSP) means of the custom encrypted digital media using the process of claim 52.
PROCESS STEP 54 The invention and processes of claim 29 whereby the process of or method of steps to do escrowing retrieval of lost, stolen, or disputed ownership media ticket smart cards which is the process done by the customer, party n, which collection of processes of or methods of invention sets systems standards and integrates components into a system which can be used in the future for new forms of internationally standardized cryptography sanctioned by industry trade groups such as the Recording Industry Association of America's (RIAA's) Secure Digital Music Initiative (SDMI), the National Association of Broadcaster's (NAB's) Secure Digital Broadcast Group (SDBG), and also national standards agencies such as the American National Standards Institute (ANSI), National Institute for Standards and Technology (NIST), or International Telegraphy Union (ITU), accomplished through the sub-steps of:

reporting of lost, stolen, or disputed legal ownership media ticket smart cards by the customer, party A, to the central public key distribution authority, party D,

canceling of the existing card by the public key distribution authority, party D, in its customer database,

retrieving by the central public key distribution authority, party D, from the central public key escrow authorities, parties En, of the old customer public key pair,

issuing of a new card by the public key distribution authority, party D, with a new customer public key pair,

retrieving by the central public key distribution authority, party D, from all media distribution vendors, parties Vn, of existing partially encrypted customer's, party A's, play codes and play counts stored in computer database (which will not have the latest play count of the lost card which does not matter for infinite plays or free trial plays and financial compensation can be made for finite play counts) from all download sessions which can be restored with customer's, party A's, new public keys done by the process of:

    d-prk-a-old(
        remove mac(vin),
        remove session identification number,
        remove customer (pass-thru encryption use) sequence number,
        (d-fak-F(
            (pass-thru encrypted play code with header (and sequence numbers))
        )) = temp-23a,

    d-prk-a-old(
        remove mac(vin),
        remove session identification number,
        remove customer (pass-thru encryption use) sequence number,
        (d-fak-F(
            (pass-thru encrypted play count (with sequence numbers))
        )) = temp-23b,

imprinting the customer's, party A's, old play codes and play counts into the new media ticket smart card,

    d-fak-F(
        mac(vin),
        session identification number,
        d-puk-a-new(temp-23a),
        customer (pass-thru encryption use) sequence number + 1) =
            (new encrypted play code with header (and sequence numbers)),

    d-fak-F(
        mac(vin),
        session identification number,
        d-puk-a-new(temp-23b),
        customer (pass-thru encryption use) sequence number + 1) =
            (new encrypted play count with header (and sequence numbers)),

delivering of the reconstructed, new media ticket smart card to the customer which should work with existing custom encrypted media and it will still work with the lost, stolen, or legally disputed old media ticket smart card.
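The re-keying formulas of this step (strip the family-key wrapper, decrypt with the escrowed old private key to get temp-23a and temp-23b, re-encrypt for the new public key, re-wrap with the sequence number advanced by one) are worked through below. This is an added example, not the patent's code: textbook RSA with tiny constructed primes stands in for the unspecified public-key scheme (insecure, for illustration only), and a hash-derived mask plus an HMAC tag stands in for the family-key (F) encryption; party names, mac(vin), session id and sequence values are constructed.

```python
"""Escrow retrieval: records stored at the vendors were encrypted for the
customer's old public key inside a family-key wrapper carrying mac(vin), the
session id and the pass-thru sequence number. Party D unwraps with F,
decrypts with the escrowed old private key (temp-23a / temp-23b), re-encrypts
for the new public key and re-wraps with seq + 1. Added example; toy RSA
and the wrapper construction are assumptions."""
import hashlib
import hmac


def make_keypair(p, q, e):
    """Textbook RSA with constructed tiny primes: (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def pk_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def pk_decrypt(prv, c):
    n, d = prv
    return pow(c, d, n)


def _mask(fk, mac_vin_hex, session, seq):
    # keystream for one small integer, bound to the header fields
    h = hashlib.sha256(fk + bytes.fromhex(mac_vin_hex)
                       + session.to_bytes(4, "big") + seq.to_bytes(4, "big")).digest()
    return int.from_bytes(h[:4], "big")


def _tag(fk, mac_vin_hex, session, seq, body):
    return hmac.new(fk, f"{mac_vin_hex}|{session}|{seq}|{body}".encode(),
                    hashlib.sha256).hexdigest()


def family_wrap(fk, mac_vin, session, seq, inner):
    """Stand-in for d-fak-F(...): encrypt the inner value and tag the whole record."""
    mv = mac_vin.hex()
    body = inner ^ _mask(fk, mv, session, seq)
    return {"mac_vin": mv, "session": session, "seq": seq, "body": body,
            "tag": _tag(fk, mv, session, seq, body)}


def family_unwrap(fk, rec):
    expect = _tag(fk, rec["mac_vin"], rec["session"], rec["seq"], rec["body"])
    if not hmac.compare_digest(expect, rec["tag"]):
        raise ValueError("family-key authentication failed")
    return rec["body"] ^ _mask(fk, rec["mac_vin"], rec["session"], rec["seq"])


def restore_record(fk, rec, old_prv, new_pub):
    """d-prk-a-old(d-fak-F(rec)) = temp; d-fak-F(..., d-puk-a-new(temp), seq + 1)."""
    temp = pk_decrypt(old_prv, family_unwrap(fk, rec))
    return family_wrap(fk, bytes.fromhex(rec["mac_vin"]), rec["session"],
                       rec["seq"] + 1, pk_encrypt(new_pub, temp))


def run_demo() -> dict:
    fk = hashlib.sha256(b"constructed family key").digest()
    old_pub, old_prv = make_keypair(61, 53, 17)   # the escrowed (old) pair
    new_pub, new_prv = make_keypair(89, 97, 5)    # pair issued with the new card
    mac_vin = hashlib.sha256(b"constructed vendor id").digest()[:8]
    vendor_rec = {  # what a vendor Vn holds for party A (play code 1234, count 3)
        "play_code": family_wrap(fk, mac_vin, 1001, 12, pk_encrypt(old_pub, 1234)),
        "play_count": family_wrap(fk, mac_vin, 1001, 12, pk_encrypt(old_pub, 3)),
    }
    new_card = {k: restore_record(fk, r, old_prv, new_pub) for k, r in vendor_rec.items()}
    out = {k: pk_decrypt(new_prv, family_unwrap(fk, r)) for k, r in new_card.items()}
    out["seq"] = new_card["play_code"]["seq"]
    # the cancelled card's key no longer reads the re-issued record
    out["old_key_reads_new"] = (
        pk_decrypt(old_prv, family_unwrap(fk, new_card["play_code"])) == 1234)
    tampered = dict(new_card["play_code"], body=new_card["play_code"]["body"] ^ 1)
    try:
        family_unwrap(fk, tampered)
        out["tamper_detected"] = False
    except ValueError:
        out["tamper_detected"] = True
    return out


if __name__ == "__main__":
    print(run_demo())
```

Because the inner layer is public-key encryption, the re-issue needs the escrowed private key only at party D, and the vendors' stored records never have to be decrypted by the vendors themselves.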
PROCESS STEP 55 The invention and processes of claim 54 whereby the process of or method of steps to do legal reassigning of play code and play count ownership from media ticket smart card A of owner A to media ticket smart card B of owner B which is legally called "first use" involving US Copyrighted digital media which is accomplished through the sub-steps of:

inserting of media ticket smart card A into the cryptographic digital signal processor (C-DSP) means inside of a cryptographic media player (e.g. C-MP3 player),

authenticating using the already defined process 44 of authenticating by customer triangle authentication,

transferring of all customer A play codes and play counts from the media ticket smart card A into the cryptographic digital signal processor (C-DSP) means including the customer A's private key and public key,

decrypting of customer A's play code and play count,

updating of vendor sequence number and customer (pass-thru encryption use) sequence number,

committing 2-way operations of several cyclic loops from cryptographic digital signal processor (C-DSP) means to media ticket smart card and back again before finalizing transaction computer operations,

permanently erasing in media ticket smart card A any removed play codes and play counts owned by customer A,

removing of the customer A's media ticket smart card from the cryptographic media player,

inserting of media ticket smart card B into the cryptographic digital signal processor (C-DSP) means inside of a cryptographic media player (e.g. C-MP3 player),

authenticating using customer triangle authentication,

transferring of all customer B play codes and play counts from the media ticket smart card B into the cryptographic digital signal processor (C-DSP) means including the customer B's private key and public key,

decrypting of customer B's play code and play count,

creating a super-set list of play codes and play counts and re-encrypting them for customer B,

updating of vendor sequence number and customer (pass-thru encryption use) sequence number,

transferring the super-set list of play codes and play counts back to media ticket smart card B for cryptographic storage,

committing a multitude of 2-way operations of several cyclic loops from cryptographic digital signal processor (C-DSP) means to media ticket smart card and back again before finalizing transaction computer operations,

permanently erasing all play codes and play counts of either party A or party B from the cryptographic media player,

removing of the customer B's media ticket smart card from the cryptographic media player.
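The "first use" reassignment above depends on the cyclic card/player commit loops being ordered so that a power loss between card A's erase and card B's write can neither duplicate nor lose a paid play. The simulation below is an added example, not the patent's code: the card journal layout, the crash points and the rule that finite counts of the same play code add (and -1 stays unlimited) are assumptions, and the cryptography is omitted to isolate the commit logic.

```python
"""Card-to-card reassignment of play codes and play counts with a two-phase
commit: A offers, B records pending, B commits, A erases. A journal slot on
each card (standing in for TNV-EEPROM) lets the player finish or roll back
after a power loss. Added example; layout and crash points are assumptions."""
import copy

ORIGINAL_A = {"song-1": 3, "song-2": -1}   # constructed entitlements of card A
ORIGINAL_B = {"song-1": 2, "song-3": 1}    # constructed entitlements of card B


class MediaTicketCard:
    """Tamper-resistant store: entitlements plus a one-slot transaction journal."""

    def __init__(self, owner, entitlements):
        self.owner = owner
        self.entitlements = dict(entitlements)  # play code -> play count
        self.journal = None                     # pending transaction record


class PowerLoss(Exception):
    """Simulated outage after the named step."""


def merge(mine, incoming):
    """Super-set list: finite counts add, -1 (unlimited) absorbs everything."""
    out = dict(mine)
    for code, n in incoming.items():
        if n == -1 or out.get(code) == -1:
            out[code] = -1
        else:
            out[code] = out.get(code, 0) + n
    return out


def reassign(card_a, card_b, tx_id, crash_after=None):
    """Move every entitlement on card A to card B atomically."""
    def step(name):
        if crash_after == name:
            raise PowerLoss(name)
    # phase 1: A records what it offers but keeps it (still the owner)
    card_a.journal = {"tx": tx_id, "state": "offered",
                      "codes": copy.deepcopy(card_a.entitlements)}
    step("a_offered")
    # phase 2: B stores the merged super-set as pending, not yet usable
    card_b.journal = {"tx": tx_id, "state": "pending",
                      "codes": merge(card_b.entitlements, card_a.journal["codes"])}
    step("b_pending")
    # phase 3: B commits; from here the transfer is irrevocable
    card_b.entitlements = card_b.journal["codes"]
    card_b.journal = {"tx": tx_id, "state": "committed"}
    step("b_committed")
    # phase 4: A erases the moved entitlements, journal cleared last
    card_a.entitlements = {}
    card_a.journal = None
    step("a_erased")
    card_b.journal = None


def recover(card_a, card_b):
    """On reinsertion after an outage, finish or roll back from the journals."""
    ja, jb = card_a.journal, card_b.journal
    b_committed = jb is not None and jb["state"] == "committed"
    if ja is not None and ja["state"] == "offered":
        if b_committed and jb["tx"] == ja["tx"]:
            card_a.entitlements = {}   # B owns them now: finish the erase
        card_a.journal = None          # otherwise A simply keeps them
    card_b.journal = None  # "pending" never took effect; "committed" is already applied


def finite_plays(*cards):
    """Per play code total of finite counts across the given cards."""
    total = {}
    for card in cards:
        for code, n in card.entitlements.items():
            if n != -1:
                total[code] = total.get(code, 0) + n
    return total


def run_demo() -> dict:
    baseline = finite_plays(MediaTicketCard("A", ORIGINAL_A), MediaTicketCard("B", ORIGINAL_B))
    outcomes = {}
    for crash_at in (None, "a_offered", "b_pending", "b_committed", "a_erased"):
        card_a = MediaTicketCard("A", ORIGINAL_A)
        card_b = MediaTicketCard("B", ORIGINAL_B)
        try:
            reassign(card_a, card_b, tx_id=99, crash_after=crash_at)
        except PowerLoss:
            recover(card_a, card_b)  # both cards reinserted after the outage
        outcomes[crash_at] = {"a": card_a.entitlements, "b": card_b.entitlements,
                              "conserved": finite_plays(card_a, card_b) == baseline,
                              "journals_clear": card_a.journal is None and card_b.journal is None}
    return outcomes


if __name__ == "__main__":
    for crash_at, o in run_demo().items():
        print(crash_at, o)
```

The ordering matters: if A erased before B committed, an outage in between would destroy paid plays; if B committed before A had recorded the offer, the same plays could end up on both cards.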
PROCESS STEP 56 The invention and processes of claim 54 whereby the process of or method of steps to do legal archiving of custom encrypted digital media and also play code and play count ownership from media ticket smart card A of owner A to back-up copies known as legal "fair use" under US Copyright law for means of archival storage in case of fire, theft, vandalism, storm, flooding, or a convenient home and car copy for marketing applications of the "fair use" legal doctrine, which is accomplished by the sub-steps of:

copying of "cipher text (encrypted data)" digital media in digital to digital copying mode an unlimited number of times using a personal computer (PC) or other digital to digital copying device to create flawless digital archival copies which are usable only with media ticket smart card A primary card or media ticket smart card A backup card,

updating of primary card to back-up card operations to allow both to be used for archival copy decryptions,

inserting of media ticket smart card A primary card into the cryptographic digital signal processor (C-DSP) means inside of a cryptographic media player (e.g. C-MP3 player),

authenticating using customer triangle authentication by the process of claim 44,

transferring of all customer A primary card play codes and play counts from the media ticket smart card A into the cryptographic digital signal processor including the customer A's private key and public key,

decrypting of customer A's primary card play code and play count,

updating of vendor sequence number and customer (pass-thru encryption use) sequence number,

committing 2-way operations of several cyclic loops from cryptographic digital signal processor (C-DSP) means to media ticket smart card A primary card's tamper resistant non-volatile memory (TNV-EEPROM) and back again before finalizing transaction computer operations,

permanently erasing in media ticket smart card A primary card's tamper resistant non-volatile memory (TNV-EEPROM) any removed play codes and play counts owned by customer A,

removing of the customer A's media ticket smart card primary card from the cryptographic media player,

inserting of media ticket smart card A back-up card into the cryptographic digital signal processor (C-DSP) means inside of a cryptographic media player (e.g. C-MP3 player),

authenticating using customer triangle authentication by the process of claim 44,

transferring by pass-thru decrypting means of all customer A back-up card play codes and play counts from the media ticket smart card A back-up card into the cryptographic digital signal processor (C-DSP) means including the customer A's private key and public key,

decrypting of customer A's play code and play count,

creating a super-set list of play codes and play counts and re-encrypting them for customer A,

updating of vendor sequence number and customer (pass-thru encryption use) sequence number,

transferring the super-set list of play codes and play counts back to media ticket smart card A back-up for cryptographic storage,

committing 2-way operations of several cyclic loops from cryptographic digital signal processor (C-DSP) means to media ticket smart card A's tamper resistant non-volatile memory (TNV-EEPROM) back-up before finalizing transaction computer operations,

removing of the customer A's media ticket smart card back-up from the cryptographic media player,

inserting of media ticket smart card A primary card again into the cryptographic digital signal processor (C-DSP) means inside of a cryptographic media player (e.g. C-MP3 player),

authenticating using customer triangle authentication by the process of claim 44,

re-accessing in the cryptographic media player the already created super-set list of play codes and play counts and re-encrypting them for customer A,

updating vendor sequence number and customer (pass-thru encryption use) sequence number,

transferring the super-set list of play codes and play counts back to media ticket smart card A back-up for cryptographic storage,

committing 2-way operations of several cyclic loops from cryptographic digital signal processor (C-DSP) means to media ticket smart card A back-up before finalizing transaction computer operations,

permanently erasing all play codes and play counts of either party A primary card or party A back-up card from the cryptographic media player,

removing of the customer A's media ticket smart card primary from the cryptographic media player.
PROCESS STEP 57 A specific method of or process for doing public key cryptography over an open systems architecture in a totally cryptographically secure manner, meant for safeguarding multi-million dollar digital masters which open systems architecture includes existing prior art components to give a new art system of processes or a process patent of public key cryptography comprising of the process steps of:

providing of process step 57 uses the component of prior art, a tamper-resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) which can be in an external dedicated chip and also in an on-chip micro-controller design, which is used to hold embedded, brief in length cryptographic computer programs, cryptographic system keys with first example cryptographic keys being family keys or shared secret keys, second example cryptographic keys being cryptographic private keys, third example cryptographic keys being secret keys, fourth example cryptographic keys being session keys, and fifth example cryptographic keys being cryptographic public keys,

providing of process step 57 uses the component of prior art, an electrically erasable programmable read-only memory (EEPROM) which can come in a larger dedicated chip and also in an on-chip micro-controller design, used to hold non-secure, computer programs (firmware) which are usually stored on separate and dedicated EEPROM memory chips which are connected to the digital computer processor through an input-output (I/O) bus with an on-processor instruction cache usually made of two layers: a L1 cache of faster, static RAM, and a L2 cache of very fast, associative memory or on-chip banked registers used to locally hold pages of operational codes (op codes) for fast execution,

providing of process step 57 uses the component of prior art, a static random access memory (SRAM) which can come in a larger dedicated chip and also in an on-chip micro-controller design with an on-chip input-output (I/O) bus with SRAM preferred over DRAM on-chip for faster speed and no need of a memory refresh cycle at the cost of one-fourth less bit density, for faster temporary storage of dynamic data which is usually in the form of separate and dedicated SRAM memory chips which are connected to the digital computer processor through an input-output (I/O) bus with an on-processor data cache of one or more levels (L1 cache being SRAM and L2 cache being associative memory or registers) used to locally hold pages of dynamic computer data for fast data cache access,

providing of process step 57 uses the component of prior art, dynamic random access memory (DRAM) which can come in a larger dedicated chip and also in an on-chip micro-controller design using an on-chip input-output (I/O) bus with on-chip SRAM preferred over DRAM in micro-controllers for faster speed and no memory refresh cycle, with the latest example of fast DRAM being duo-data rate, synchronous, dynamic random access memory (DDR-SDRAM) which can hold either operational codes (for non-firmware based computer programs) or dynamic data (especially large arrays and large chunks of data such as video 'frame buffers'), with the DRAM being an acknowledged bottle-neck on the central processor unit (CPU) bus with another greater bottle-neck being the transfer of digital data over the peripheral device or input-output (I/O) bus and its much slower often electro-mechanical input-output (I/O) devices,

providing of process step 57 uses the component of prior art, a low-cost, low-throughput, cryptographic embedded micro-controller (c-uCtlr) with scalar control operations, slow fixed-point arithmetic processing, and very slow, floating point interpreter based floating point processing (lacking a hardware floating point unit (FPU)), as used in a prior art, 8-bit, single chip solution, micro-controller based, smart card as widely used in Europe for over twenty years with universal success over-coming in all forms of human abuse and adverse weather conditions, with said tamper resistant non-volatile memory, random access memory (TNV-EEPROM), holding both cryptographic keys and very limited amounts of embedded secure cryptographic algorithm firmware for the entirely on-chip execution of cryptographic algorithms (secret key encryption-decryption, public key encryption-decryption, message digest ciphers (MDC's), message authentication ciphers (MAC's)), furthermore, possessing an on-chip input-output (I/O) bus in a micro-controller architecture with on-chip limited, static random access memory (SRAM) for fast dynamic data storage, and on-chip limited, electrically erasable programmable read only memory (EEPROM) for computer firmware program storage, furthermore, possessing a wiretapable ('red') smart card serial data bus to the external world, which is used for initial unique customer access code communications from a digital computer into the smart card to activate it, and then is subsequently used for reverse direction communications of internal smart card secure memory values representing cash to debit and also accounting access counts used in pass-thru encryption to transfer encrypted ('cipher-text') data from the cryptographic micro-processor (c-uP) inside the smart card to a smart card reader and pass-by processing proceeding to a digital computer which must do pass-thru decryption and pass-thru encryption for the return closed feed-back response communications exchange of possibly debited monetary values or incremented access counts needing secure storage in the smart card,

providing of process step 57 uses the component of prior art, the smart card used for media ticket applications containing tamper-resistant, non-volatile memory (TNV-EEPROM) for key storage as part of cryptographic embedded micro-processors (c-uP's),

providing of process step 57 uses the component of prior art, serial data computer communications interfaces such as a personal computer (PC) based, serial bus connected, (e.g. Universal Serial Bus or USB bus, and the faster and longer distance but more expensive, IEEE 1394 serial bus ('Fire wire bus')), used to connect a personal computer (PC) to a digitized human fingerprint reader and for other computer peripheral purposes,
providing of process step 57 uses the component of prior art, a smart card reader means involving several invention processes which simply reads the customer inserted smart card's pass-thru encrypted data and passes it over wiretapable ('red') buses to the digital computer, furthermore, a first example form of smart card reader means has physical metallic contacts with a power pin used to re-charge any smart card internal battery from an additional AC power line going into the smart card reader and suitable voltage conversion and regulation electronics, furthermore, a second example smart card reader means is a popular class of prior art, smart cards which have an optical interface which lacks any form of smart card battery re-charging capability but has improved durability, a third example smart card reader is a prior art, integrated smart card reader with bio-ID digitized, fingerprint reader, furthermore, the smart card reader is a dumb and inexpensive computer serial data bus device with a first example serial communications interface being a prior art, serial data bus given as a universal serial bus (USB) providing maximum 3.0 Mega bits/second data transfer over a maximum 3.5 feet distance, which has no local area networking (LAN) interfaces, which must be provided by the attached digital computer, a second example serial communications interface being a prior art, IEEE 1394 ('Fire wire') serial data bus which transfers a maximum of 10.0 Mega bits/second at a distance of up to a maximum of 10.0 feet,

providing of process step 57 uses the component of prior art, biological-identification (bio-ID) reader means, which attach to personal computers (PC's) using a low-cost serial data bus such as a universal serial data bus (USB bus) with a first example bio-ID reader means being a smart card reader with piggy-backed, integrated, digitized fingerprint, bio-identification (bio-ID) reader for very customer convenient use, with an example customer use of a low security and unattended by a 'warm-blooded' authorized gate-keeper, bio-ID means of 'warm-blooded' index finger insertion into a digitized fingerprint reader and smart card insertion at the same time, a second example bio-ID reader means is a prior art, smart card reader with external AC power supply and power conversion and regulation transformers along with a piggy-backed 'warm-blooded' iris scan reader digital video-camera electronics which said iris scan reader is attached by IEEE 1394 ('Fire wire') digital cable to a digital video camera,

providing of process step 57 uses the component of prior art, an internet protocol (IP), wide area network (IP WAN),

providing of process step 57 uses the component of prior art, a world wide web server (WWW) or web or graphics rich portion of the

providing of process step 57 uses the component of prior art, a personal computer (PC), which is not cryptographically secure,

providing of process step 57 uses the component of prior art, a personal computer (PC) web client,

providing of process step 57 uses the component of prior art, a personal computer (PC) peripherals,

providing of process step 57 uses the component of prior art, a data entry devices of an (on-board protected electronic device) toggle field with a prior art liquid crystal display (LCD) for entry of the unique customer passphrase with closely corresponding passcode entry,

providing of process step 57 uses the component of prior art, a data entry device of computer keyboards used for unique customer password, and passphrase-passcode entry, with computer keyboard buses vulnerable to the known prior art, hacker tools of both software and hardware based keyboard capture buffers,

providing of process step 57 uses the component of prior art, a banked-EEPROM card reader-writer connected by a prior art, serial bus connected with first example serial bus being the Universal Serial Bus (R) (USB bus) connected banked non-volatile memory chip card reader-writer serial bus interface unit to an electronic device, with first example banked non-volatile memory chip card unit which inserts into the reader being a banked, electrically erasable programmable read only memory (banked-EEPROM) card unit (e.g. SanDisk (R) card, or SD (R) card), and second example banked non-volatile memory chip card unit being a single, large chip tamper-resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) (e.g. Memory Stick (R) chip),

providing of process step 57 uses the component of prior art, a personal computer's (PC's) peripheral data storage devices such as hard disk drives (HDD's), compact disk (CD) record once (CD-R (R)) drives, compact disk read-write (CD-RW (R)) drives which all offer 'backwards compatible' CD media which can be used in read-only modes compatible with older, existing read-only CD drives (CD); also writable digital versatile disk (DVD) drives (e.g. DVD+RW (R), DVD-RW (R), DVD-RAM (R)), which all offer 'backwards compatible' media which can be used in read-only modes compatible with older, existing read-only DVD drives (DVD-ROM),

providing of process step 57 uses the component of prior art in personal computer's (PC's) based peripheral data storage media units (e.g. back-up devices, video devices, fast floppy drives (e.g. Iomega (R) Zip (R) drives), removable hard disk drives (removable HDD) (e.g. Iomega Jazz (R) drives)),

providing of process step 57 uses the component of prior art, a cryptographic digital signal processor (C-DSP) means designed for low-cost, very fast digital processing of fixed-point number array or arrays of fixed radix numbers having limited necessary precision typically less than 32-bits arranged in matrix arrays (32-bit integers with an assumed radix point which cannot move with a default assumed decimal point which cannot move) as popularly used in the Texas Instruments (TI) TMS-320 DSP and also the AT&T DSP-1, with major DSP features being an accumulator based design with arithmetic operation over-flow handling, no-overflow registers, pipelined design to DRAM connected over a central processor unit bus, constants for an (i)th round held as register variables for quick update for the (i + 1)th round, and programming-time, programmable firmware libraries supporting flexible digital signal processing for different applications, furthermore, giving fast scalar control processing without a need for floating point operation re-normalization based upon exponents, with a floating point interpreter for limited floating point operations involving floating point number formats with exponents, furthermore, also having additional silicon compiler designed components of embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM) with a first example cryptographic digital signal processor (C-DSP) means being a standard DSP combined with the silicon compiler functions of the prior art, US National Institute of Standards and Technologies (NIST's) Clipper chip, which is the Skipjack secret key algorithm silicon compiler implemented in a sub-circuit along with tamper resistant non-volatile memory (TNV-EEPROM), single integrated circuit ('single chip IC solution') design giving stream cipher and block cipher encryption and decryption functions (additionally used in the prior art, Capstone program using a plug-in PC card (R) format once called PCMCIA having an embedded Clipper ASIC chip comparable to a prior art smart card program), which were both programs and standards based upon the dedicated, custom designed ASIC, hardware integrated circuit (IC) implementation of the National Security Agency (NSA) developed, classified Clipper chip implementing the Skipjack secret key algorithm with on-chip tamper resistant non-volatile memory (TNV-EEPROM), second example cryptographic digital signal processor (C-DSP) means being standard digital signal processing (DSP) functions combined with silicon compiler functions implementing the Chandra patent (US Patent Number 4,817,140 issued on March 28, 1989 and assigned to IBM Corporation), and third example cryptographic digital signal processor (C-DSP) means being numerous other US Patents and also public art, non-patented technical literature,

providing of process step 57 uses the component of prior art, a cryptographic digital signal processor (C-DSP) means intended for very fast processing of large fixed-point arrays of fixed-point or fixed radix numbers as shown in the prior art, Texas Instruments (TI) TMS-320 DSP and also the AT&T DSP-1, additionally containing a cryptographic hardware secret key algorithm sub-processor, tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), random access memory (RAM), analog to digital signal converters (ADC), moving picture electronics group standards X (MPEG X) hardware decompression only circuitry for digital audio/video, digital audio/video signal artificial degradation circuitry, digital to analog signal converters, and digital signal processing of digital audio/video signals circuitry,

providing of process step 57 uses the component of new art, cryptographic digital signal processor (C-DSP) means designed for low-cost, very fast, digital processing of fixed-point number arrays as shown in the prior art, popularly used, Texas Instruments TMS-320 DSP and also the AT&T DSP-1, furthermore, having additional silicon compiler designed components adding embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM) for secure cryptographic key storage, along with both tamper resistant to pin-probers, and cryptographically protected on-chip, firmware implemented new art, byte-oriented, secret key algorithm based secret key encryption and decryption for both stream oriented and block oriented encryption and decryption processes, with on-chip hardware and firmware library support for both secret key and public key algorithms such as an electronic true random number generator, an on-chip hardware floating point unit (FPU) for processing large blocks of secret key encrypted and decrypted data using newer, 2003 firmware based, byte oriented, secret key algorithms such as Advanced Encryption Standard (AES), an extremely large integer to an extremely large integer exponentiation unit using the binary square and multiply method commonly used in public key cryptography, with additional on-chip silicon compiler designed hardware support for digital decompression (read-only) algorithms, with additional on-chip silicon compiler support for digital compression algorithms, with additional on-chip silicon compiler support for forward error detection and correction coding (e.g. Reed-Solomon or RS coding) done in the encoding process sequential order of digitally compress, error correct, and encrypt, with decoding done in the exact opposite sequential process order, with a first example C-DSP means being discussed broadly in the inventor's present patent's technical material which is not subject to this present over-all system's or methods patent application which uses such a device as a provided hardware component,

providing of process step 57 uses the component of new art,
programmable gate array logic (GAL) form of high density, application
specific integrated circuit (ASIC) with embedded cryptographic
digital signal processor (C-DSP) means functions as mentioned in the
paragraph just above,
providing of process step 57 uses the component of new art, a
cryptographic digital signal processor (C-DSP) means designed for
very fast execution of fixed-point number arrays such as the popular
Texas Instruments TMS-320 and also the AT&T DSP-1, furthermore,
having additional silicon compiler based embedded, prior art,
cryptographic hardware secret key algorithm sub-processors based upon
prior art, standardized, secret key algorithms with an example
algorithm being given as IBM's patented Data Encryption Standard
(DES), with on-chip firmware support, an on-chip hardware floating
point unit (FPU) for processing large blocks of secret key encrypted
and decrypted data using newer (year 2003) firmware based, byte
oriented, secret key algorithms such as Advanced Encryption Standard
(AES), an extremely large integer to an extremely large integer
exponentiation unit using the binary square and multiply method
commonly used in public key cryptography, with additional on-chip
silicon compiler designed hardware support for digital decompression
(read-only) algorithms, with additional on-chip silicon compiler
support for digital compression algorithms, with additional on-chip
silicon compiler support for forward error detection and correction
coding (e.g. Reed-Solomon or RS coding) done in the encoding process
sequential order of digitally compress, error correct, and encrypt,
with decoding done in the exact opposite sequential process order,
which in turn are silicon compiler design embedded hardware sub-units
inside of said prior art, cryptographic digital signal processors (C-
DSP) means,
providing of process step 57 uses the component of prior art, a
cryptographic micro-processor (C-uP) or a central processing unit
(CPU) such as an Intel Pentium (R) CPU with a control unit, and also
with an integrated fast, hardware, floating point unit (FPU),
integrated memory management unit (MMU), integrated instruction and
data cache unit, integrated bus interface unit (BIU), and additional
proposed subset functionality of a C-DSP means including integrated
tamper resistant non-volatile electrically erasable programmable read
only memory (TNV-EEPROM), all on a single chip, which has impedance
monitored inter-metallic deposition layers protecting the entire chip
from illegal pin probers used by hackers targeting the on-chip
architecture including the protected ("black") on-chip buses, and
also for protecting the entire chip from wiretapping pin probers used
to illegally read cryptographic keys stored on the on-chip said
embedded, tamper resistant non-volatile electrically erasable
programmable read only memory (TNV-EEPROM), with the main anti-tamper
means being the automatic on-chip erasure of cryptographic memory
(TNV-EEPROM) holding all cryptographic keys upon automatic
detection of any signs of chip tampering,

providing of process step 57 uses the component of new art, a
cryptographic computing based unit (C-CPU) also having a subset of
cryptographic digital signal processing (C-DSP) means having much
more on-chip, hardware, floating point (FPU) throughput capacity than
the C-DSP chip and a more powerful memory management unit (MMU)
capability, while having subset security functionality as the
cryptographic digital signal processor unit (C-DSP) means being on-
chip tamper resistant non-volatile electrically erasable programmable
read-only memory (TNV-EEPROM) or cryptographic memory for both
cryptographic key storage and cryptographic algorithm firmware
storage, automatic on-chip impedance monitoring of a whole chip
inter-metallic layer with automatic erasure of cryptographic memory
upon tamper detection, silicon compiler library designed on-chip
functions with automatic placement and routing, on-chip support for
read-only commercial players using an embedded C-CPU of a tamper
protected, error detection or correction unit (e.g. Reed-Solomon
unit), on-chip support for read-only commercial players using an
embedded C-CPU of a tamper protected ("black unit"), embedded, secret
key decryption sub-unit which supports both dedicated hardware and
dedicated firmware secret key decryption of play-back mode only,
uniquely secret key encrypted, commercial media, on-chip tamper
protected digital de-compression only support in play-back only mode
for standard form digital media (e.g. MP3 being discrete cosine
transform (DCT) based, MPEG X being discrete cosine transform (DCT)
based, fast wavelet transform (FWT) being convolutional coding
based, JPEG being discrete cosine transform (DCT) based, JPEG 2000
being fast wavelet transform (FWT) or convolutional coding based,
Fraunhofer Institute of Germany's fast wavelet transform (FWT) audio
(R) convolutional coding, AAC (R) brand convolutional coding) widely
used in commercial media players, with more general bi-directional
use in crypto-cell phones and crypto-hand-held computers for similar
on-chip support respecting relevant process sequential orders being
digitally compress media, encrypt media, error detection bits added,
which must be undone in cryptography in the exact reverse sequential
order, for the hardware and firmware based encryption and decryption
of digital media data, but without current on-chip support for
encrypted operation codes (c-op codes) usable in the future for
cryptographic computer programs and cryptographic multi-media
programs, with a first example C-CPU means being discussed in the
present inventor's present invention,
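The encode/decode ordering is stated twice in this section with a difference worth noticing: the C-DSP component lists compress, error-correct, encrypt (decoding in the exact reverse order), while the C-CPU component just above lists compress, encrypt, then add error-detection bits. The following is an added worked example, not code from the application or from any product it names. It runs both orders, with a Hamming(7,4) code standing in for Reed-Solomon and a SHA-256 counter keystream standing in for a hardware AES stream mode, injects a single bit error on the wire, and recovers the media either way. The key, sample media and function names are constructed for the example.

```python
"""Compress, error-correct, encrypt (and the exact reverse): constructed example.
Hamming(7,4) stands in for Reed-Solomon; a SHA-256 counter keystream stands in
for a hardware AES stream mode."""
import hashlib
import zlib


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Counter-mode style XOR stream from SHA-256 (stand-in for AES-CTR).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def hamming_encode(data: bytes) -> bytes:
    """Hamming(7,4): each nibble becomes one 7-bit codeword stored in a byte
    (bit positions 1..7 hold p1 p2 d1 p3 d2 d3 d4; bit 8 is unused)."""
    out = bytearray()
    for byte in data:
        for nib in (byte >> 4, byte & 0xF):
            d1, d2, d3, d4 = (nib >> 3) & 1, (nib >> 2) & 1, (nib >> 1) & 1, nib & 1
            p1, p2, p3 = d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d2 ^ d3 ^ d4
            out.append(p1 | p2 << 1 | d1 << 2 | p3 << 3 | d2 << 4 | d3 << 5 | d4 << 6)
    return bytes(out)


def hamming_decode(coded: bytes) -> bytes:
    """Correct up to one flipped bit per codeword, then reassemble the bytes."""
    nibbles = []
    for codeword in coded:
        bits = [(codeword >> k) & 1 for k in range(7)]   # bits[k] is position k+1
        p1, p2, d1, p3, d2, d3, d4 = bits
        syndrome = (p1 ^ d1 ^ d2 ^ d4) | (p2 ^ d1 ^ d3 ^ d4) << 1 | (p3 ^ d2 ^ d3 ^ d4) << 2
        if syndrome:                                     # syndrome is the 1-based error position
            bits[syndrome - 1] ^= 1
            p1, p2, d1, p3, d2, d3, d4 = bits
        nibbles.append(d1 << 3 | d2 << 2 | d3 << 1 | d4)
    return bytes(nibbles[i] << 4 | nibbles[i + 1] for i in range(0, len(nibbles), 2))


def encode_inner_ecc(media: bytes, key: bytes) -> bytes:
    """C-DSP order from the page: compress, error-correct, then encrypt."""
    return keystream_xor(key, hamming_encode(zlib.compress(media)))


def decode_inner_ecc(wire: bytes, key: bytes) -> bytes:
    """Exact reverse: decrypt, error-correct, then decompress."""
    return zlib.decompress(hamming_decode(keystream_xor(key, wire)))


def encode_outer_ecc(media: bytes, key: bytes) -> bytes:
    """C-CPU order from the page: compress, encrypt, then add error-correction bits."""
    return hamming_encode(keystream_xor(key, zlib.compress(media)))


def decode_outer_ecc(wire: bytes, key: bytes) -> bytes:
    """Exact reverse: error-correct, decrypt, then decompress."""
    return zlib.decompress(keystream_xor(key, hamming_decode(wire)))


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single channel error in the transmitted stream."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def demo() -> dict:
    media = b"constructed sample media frame " * 40       # constructed test input
    key = b"constructed-32-byte-vendor-key!!"             # constructed key
    results = {}
    for name, enc, dec in (("inner_ecc", encode_inner_ecc, decode_inner_ecc),
                           ("outer_ecc", encode_outer_ecc, decode_outer_ecc)):
        damaged = flip_bit(enc(media, key), 17, 3)        # one bit error on the wire
        results[name] = dec(damaged, key) == media
    # With no code at all the same single error is a failed decompression.
    bare = keystream_xor(key, zlib.compress(media))
    try:
        zlib.decompress(keystream_xor(key, flip_bit(bare, 17, 3)))
        results["no_ecc"] = True
    except zlib.error:
        results["no_ecc"] = False
    return results
```

Two caveats a practitioner would add. Placing the error-correcting code inside the encryption (the C-DSP order) only works cleanly with a cipher mode in which one flipped ciphertext bit flips exactly one plaintext bit, as a stream or counter mode does; under CBC a single channel error garbles a whole block and the inner code cannot recover it, so the outer-code order (the C-CPU order) is the safer default. And an error-correcting code is not an integrity check: an attacker can flip bits deliberately and the decoder will "correct" around them, so the decrypted media still needs a message authentication code.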

providing of process step 57 uses the component of prior art, a
cryptographic media player (MP) based upon prior art, non-
cryptographic digital signal processor (DSP) means with starting
functionality of the popular Texas Instruments TMS-320 DSP,
constructed with serial bus connections to customer insertable and
removable prior art, smart card reader-writer unit interfaces, and a
read-only drive unit for standard physical format digital media
which is very similar in computer architecture to prior art,
electronic-book readers which have a built-in, very small, liquid
crystal display (LCD), and are similar in physical form to non-
cryptographic compact disk players,

providing of process step 57 uses the component of new art, a
cryptographic media player (C-MP) constructed with said, prior art,
cryptographic digital signal processor (C-DSP) means having serial
bus connections to customer insertable and removable prior art, smart
card reader-writer unit interfaces, and also having a read-only drive
unit for standard media with first example, read-only, media means
being compact disk record once (CD-R), second example read-only media
means being compact disk read-write (CD-RW), and third example
read-only media means being banked non-volatile memory card (banked
EEPROM), and fourth example read-only media means being digital
versatile disk record once (DVD-R),



providing of process step 57 uses the component of new art, a
cryptographic personal computer (C-PC) which is created by using new
art, said cryptographic digital signal processor (C-DSP) means based
plug-in, peripheral or contention bus or input-output bus (I/O bus)
cards for prior art, personal computers (PC's), with the peripheral
bus giving an interface to the motherboard's said cryptographic
central processing unit (C-CPU) which in turn has a Universal Serial
Bus (USB) interface to a USB based smart card reader,

providing of process step 57 uses the component of new art, a
cryptographic personal computer (C-PC) having a subset functionality
of C-DSP means, which is created by using a prior art, standard off-
the-shelf personal computer (PC) design with a cryptographic central
processing unit (C-CPU) with the goal of creating an internal secure
bus hardware or 'black bus' computer architecture system also having
insecure hardware bus or 'red bus' or open wiretapable buses, which
furthermore requires a new art, cryptographic operating system (C-
OS),

providing of process step 57 uses the component of new art, a
cryptographic media player (C-MP) for playing back custom secret key
encrypted, compressed digital audio-video in standard format with
first example compressed digital audio-video being given as prior
art, Moving Picture Experts Group Standards X (MPEG X) and second
example compressed digital audio-video being given as prior art, fast
wavelet audio-video digital compression also called convolutional
coding, furthermore, said player contains embedded, cryptographic
computing units (C-CPU's) with serial bus interfaces to built-in,
prior art, smart card reader units, and also having built-in, prior
art, input/output (I/O) peripheral bus connected, computer industry
standard, peripheral data storage drives in first example drive being
a compact disk read only (CD) drive which reads compact disk record
once format (CD-R),

providing of process step 57 uses the component of new art, a
universal cryptographic set-top box form of media players (C-MP's)
for playing back custom secret key encrypted, high definition
television (HDTV) broadcasts and standard definition television
(SDTV) broadcasts, as well as for playing custom secret key
encrypted cable channel programming, as well as for playing custom
secret key encrypted satellite television programming which are based
upon a more powerful, cryptographic media player computer
architecture (C-MP),

providing of process step 57 uses the component of new art, a
cryptographic micro-mirror module (C-MMM) commercial theater
projection-theater sound units which are special cryptographic media
players which use prior art, more than one drive, digital versatile
disk read only (DVD) drive units which also read digital versatile
disk record (DVD-X) formats, furthermore, the DVD-X disks contain
custom encrypted compressed digital media which can be decrypted only
with a corresponding, unique, smart card programmed in a prior art,
standard, personal computer (PC) over the wiretapable ('red bus')
Internet as a special media ticket smart card using the methods of
the present inventor's patent,



providing of process step 57 uses the component of prior art, a
modified secure operating system (secure-OS) for world wide web (WWW)
server computers which will custom customer session key encrypt a
vendor secret key encrypted digital master, and electronically
distribute such encrypted digital media masters, using firewalls,
using anti-viral software updated weekly, using network protocol
converters, using standard layered security methods, and using 'inner
sanctum' protection for vendor session key or one-time secret key
encrypted digital media masters,

providing of process step 57 uses the component of prior art, a
world wide web (WWW) transmission control protocol-internet protocol
(TCP-IP) command protocol stack program for Internet connectivity,

providing of process step 57 uses the component of prior art,
standard, a plurality of cryptographic mathematics algorithms,

providing of process step 57 uses the component of prior art, a
plurality of public key cryptography algorithms which create public
keys and private keys,

providing of process step 57 uses the component of prior art, a
plurality of secret key cryptography algorithms which create secret
keys and session keys (1-time secret keys) and also play counts or
access counts or media decryption counts and play codes (session keys
or 1-time secret keys),
providing of process step 57 uses the component of prior art, a
plurality of hybrid key cryptography algorithms which are combined
public key and secret key cryptography algorithms (prior art),

providing of process step 57 uses the component of prior art, a
plurality of private key and secret key splitting techniques,

providing of process step 57 uses the component of prior art, a
plurality of private key and secret key escrow techniques,

providing of process step 57 uses the component of prior art, a
plurality of algorithms used to generate cryptographic keys which
are the, collective, public keys, private keys, secret keys, session
keys (1-time use only secret keys), play counts, play codes,
passphrases-passcodes,

providing of process step 57 uses the component of prior art, a
plurality of computer cryptography protocols,

providing of process step 57 uses the component of prior art, a
plurality of pass-thru encryption algorithms for transmitting secure
data over wiretapable computer buses ('red buses'),

providing of process step 57 uses the component of prior art,
standardized form, a plurality of lossy compressed digital media
algorithms with first example algorithm being given as MPEG X (R)
based upon a SVGA (R) video format and also newer UXGA (R) higher
resolution video formats, second example algorithm being given as MP3
(R) based upon pulse code modulated (PCM) audio sound, only, third
example algorithm being given as JPEG X (R) for still color
photography only with JPEG being discrete cosine transform (DCT)
based and JPEG 2000 being fast wavelet transform (FWT) compression
based, fourth example algorithm being given as fast wavelet transform
(FWT) audio-video, fifth example algorithm being given as proprietary
Advanced Audio Coding (R) (AAC (R)) using a FWT algorithm variant,
sixth example algorithm being given as Fraunhofer Institute of
Germany's fast wavelet transform (FWT) audio (R), who are the
original international patentees for convolutional coding based lossy
digital compression,

providing of process step 57 uses the component of prior art, a
transmission control protocol/internet protocol (TCP/IP) for
internet connectivity,

providing of process step 57 uses the component of prior art, a
secure internet protocol layer (secure IP layer) of Internet
data encryption,

providing of process step 57 uses the component of prior art, a
secure sockets layer (SSL) layer of Internet data encryption,

providing of process step 57 uses the component of prior art, a
plurality of world wide web (WWW) server standard interchange file
languages with first example protocol being hyper-text mark-up
language (HTML), second example protocol being extensible business
mark-up language (XBML or XML), and third example protocol being
generalized text mark-up language (GTML),

providing of process step 57 uses the component of a plurality of
world wide web (WWW) client standard interchange file languages with
first example being hyper-text mark-up language (HTML),

generating of a set of common system keys which is the process done
by the media ticket smart card system authority's, party S's,
dedicated public key generation authority, party G, while having
absolutely no access to customer identifications,

generating of a set of media distribution vendor cryptographic keys
eventually used in cryptographic digital signal processors (C-DSP's)
for eventual manufacturing into cryptographic media players which is
the process done by the media ticket smart card system authority's,
party S's, dedicated public key generation authority, party G, while
having absolutely no access to customer identifications,

generating of a media ticket smart card cryptographic key set or
unique customer cryptographic key set, which is the process done by
the media ticket smart card system authority's, party S's, dedicated
public key generation authority, party G, while having absolutely no
access to customer identifications,

distributing of said cryptographic digital signal processors (C-
DSP's) which is the process done by the media ticket smart card
system authority's, party S's, dedicated public key distribution
authority, party D, distributing cryptographic digital signal
processors (C-DSP's) (with party G having already pre-embedded an
entire set of a unique per vendor, common cryptographic key table
into each and every cryptographic digital signal processor (C-DSP)
means) to media distribution vendors, parties Vn, for manufacturing
into cryptographic media players, while having absolutely no access to
whole cryptographic keys,

distributing of the media ticket smart cards which is the process
done by the media ticket smart card system authority's, party S's,
dedicated public key distribution authority, party D, distributing
media ticket smart cards to media distribution vendors for selling to
customers, while having absolutely no access to whole cryptographic
keys,

escrowing of the split cryptographic keys which is the process done
by the central key generation authority, party G, safe-guarding the
split cryptographic customer keys, and split cryptographic vendor
keys in an entirely secure and confidential manner with legal first
means for customer identification and lost key recovery, second
means for disputed ownership court ordered recovery, and third means
for court ordered recovery by law enforcement,
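The key splitting techniques listed earlier under process step 57 and the escrow of the split keys by party G described just above are one use of threshold secret sharing. The following is an added worked example, not code from the application: it splits a key with Shamir's scheme over a prime field so that any two of three holders can reconstruct it while a single holder learns nothing. The holder roles (customer, party G's escrow, a court-designated escrow agent), the key and the function names are assumptions made for the example; the application does not say who holds which share.

```python
"""Shamir secret sharing for split-key escrow: constructed example."""
import secrets

PRIME = 2 ** 521 - 1   # Mersenne prime; any key of up to 64 bytes is a field element


def split_key(key: bytes, threshold: int, share_count: int) -> list:
    """Hide the key as the constant term of a random polynomial of degree
    threshold-1 and hand each holder one point (x, f(x)) on it."""
    secret = int.from_bytes(key, "big")
    if not (secret < PRIME and 1 <= threshold <= share_count):
        raise ValueError("key too large or bad threshold")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def poly(x: int) -> int:
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, poly(x)) for x in range(1, share_count + 1)]


def recover_key(shares: list, key_len: int) -> bytes:
    """Lagrange interpolation at x = 0 over at least `threshold` distinct shares.
    Fewer shares than the threshold yield an unrelated field element."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


def same_key(shares: list, key: bytes) -> bool:
    """True only if these shares reconstruct exactly `key`."""
    try:
        return recover_key(shares, len(key)) == key
    except OverflowError:      # interpolated value does not even fit a key of this size
        return False


def demo() -> dict:
    # Constructed 32-byte customer key (e.g. a media ticket card's private key).
    customer_key = secrets.token_bytes(32)
    shares = split_key(customer_key, threshold=2, share_count=3)
    holders = dict(zip(("customer", "party_G_escrow", "court_escrow"), shares))
    return {
        "lost_key_recovery": same_key([holders["party_G_escrow"], holders["court_escrow"]], customer_key),
        "court_order_with_customer": same_key([holders["customer"], holders["court_escrow"]], customer_key),
        "escrow_alone": same_key([holders["party_G_escrow"]], customer_key),
    }
```

The property the escrow step relies on is the last line of `demo`: party G's share on its own reveals nothing about the key, so a compromise of the escrow store alone does not expose customers. Shares should still be authenticated and stored separately, since the scheme guarantees secrecy below the threshold but not that a holder cannot submit a corrupted share during recovery.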

layering for a federated cryptography architecture which is the
process done by the media ticket smart card system authority, party
S, creating a federated architecture of cryptographic authority with
3-layers, a central layer composed of the media ticket smart card
system authority, a local layer composed of authorized media
distribution companies Vn, and a user layer composed of customers,

preparing of a unique play code and a unique play count which is
the process done by the authorized digital media distribution
company, party Vn, preparing a unique play code (session key or one-
time secret key), a unique play count (paid for numbers of plays or
counts of free trial plays), and custom encrypted digital media for
downloading to each customer,

downloading to customer, party A, which is the process done by the
authorized digital media distribution vendor, party Vn, using hybrid
key cryptographing steps of hybrid key cryptographic digital media
distribution from a central media distribution authority hosted on a
World Wide Web (WWW) server to multiple personal computer (PC) based
World Wide Web (WWW) clients of encrypted play codes (one-time secret
keys or session keys) with header and encrypted play counts (paid for
counts of plays or decryptions, or else counts of free trial plays)
with header for deposit into media ticket smart cards attached to
personal computer (PC) based media ticket smart card readers, and
one-way transfer of custom session key or one-time secret key
re-encrypted digital media which is pre-unique vendor secret key
encrypted for deposit into physical digital media inserted into media
drives attached to personal computers (PC's),

delivering by foot which is the process done by the customer, party
A, of physically transferring both physical custom encrypted digital
media and the customer, party A's, programmed media ticket smart
cards from the customer's, party A's, personal computer to any
person's cryptographic media player with a built-in media ticket
smart card reader,
encrypting using pass-thru means involving several processes and
components for transferring any type of digital data securely from
the media ticket smart card up to the cryptographic digital signal
processor (C-DSP) means with first example pass-thru encrypting means
being common family key or shared secret key encryption which is
known to be vulnerable to a single point of attack, second example
pass-thru encrypting means being a pre-embedded, common look-up table
of unique vendor public keys and matching private keys with
organizational means involving several processes and components such
as first organizational means being a row, column table indexed by a
vendor identification number, third example pass-thru encrypting
means being a pre-embedded common look-up table of unique vendor
secret keys with organizational means involving several processes and
components with first organizational means being a row, column table
indexed by a vendor identification number,

encrypting using pass-thru return means involving several processes
and components for transferring any digital data from the
cryptographic digital signal processor (C-DSP) means to the media
ticket smart card with first example pass-thru encrypting return
means being common family key or shared secret key encryption which
is known to be vulnerable to a single point of attack, second example
pass-thru encrypting return means being a pre-embedded, common look-
up table of unique vendor public keys and matching private keys with
organizational means involving several processes and components such
as first organizational means being a row, column table indexed by a
vendor identification number, third example pass-thru encrypting
return means being a pre-embedded common look-up table of unique
vendor secret keys with organizational means involving several
processes and components with first organizational means being a row,
column table indexed by a vendor identification number,

preparing before playing which is the process done by the
customer, party A, of preparing any party's cryptographic media
player with his own custom encrypted digital media and his own media
ticket smart card,

authenticating by customer triangle authentication which is the
process done by the cryptographic digital signal processor embedded
inside of a cryptographic media player,

transferring of cryptographic keys to the cryptographic digital
signal processor (C-DSP) means by pass-thru encrypting means of
cryptographic keys which is the process done by the cryptographic
media player to receive encrypted play codes with header and
encrypted play counts with header from the media ticket smart card A
transferred over wiretapable computer buses to the player's own
cryptographic memory for access by its cryptographic digital signal
processor (C-DSP) means,

transferring of cryptographic keys away from the cryptographic
digital signal processor (C-DSP) means by pass-thru encrypting return
means of cryptographic keys which is the process done by the
cryptographic media player's cryptographic digital signal processor
(C-DSP) means to transfer encrypted play codes with header and
encrypted play counts with header both with cryptographic digital
signal processor (C-DSP) means incremented sequence counts to the
media ticket smart card A transferred over wiretapable computer
buses,
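The two pass-thru transfers just described (card to C-DSP, and the return to the card with incremented sequence counts), together with the pass-thru encrypting means listed earlier in the claim (a single family key versus a row/column table of per-vendor keys indexed by vendor identification number), are shown below as an added worked example that is not code from the application. Both endpoints hold the same constructed key table, every packet carries a header with the vendor number and a sequence count, and a recorded packet replayed later is refused. The message authentication code is an addition of this example: the claim text speaks only of encryption, and encryption alone does not stop an attacker on the red bus from editing a play count. Key table contents, the play code and all names are constructed.

```python
"""Pass-thru encryption of play codes and play counts across a wiretapable
('red') bus with sequence counts against replay: constructed example."""
import hashlib
import hmac
import struct

COLS = 4
# Row/column table of per-vendor keys indexed by vendor identification number.
# Party G would pre-embed the same table into every C-DSP and every media
# ticket smart card; the entries here are constructed for the example.
KEY_TABLE = [[hashlib.sha256(b"constructed-table-entry-%d" % (row * COLS + col)).digest()
              for col in range(COLS)] for row in range(4)]

HEADER = struct.Struct(">HIB")    # vendor id, sequence count, message type
TO_PLAYER, TO_CARD = 1, 2
TAG_LEN = 32


def vendor_key(vendor_id: int) -> bytes:
    row, col = divmod(vendor_id, COLS)
    return KEY_TABLE[row][col]


def seal(vendor_id: int, seq: int, msg_type: int, play_code: bytes, play_count: int) -> bytes:
    """Encrypt-then-MAC. Keystream and tag are both derived from the header, so
    the sequence count doubles as the nonce and cannot be edited in transit."""
    header = HEADER.pack(vendor_id, seq, msg_type)
    key = vendor_key(vendor_id)
    plain = play_code + struct.pack(">I", play_count)               # 16 + 4 bytes
    pad = hmac.new(key, b"pad" + header, hashlib.sha256).digest()   # 32-byte one-time pad
    body = bytes(p ^ k for p, k in zip(plain, pad))
    tag = hmac.new(key, b"tag" + header + body, hashlib.sha256).digest()
    return header + body + tag


class ReplayError(Exception):
    pass


class Endpoint:
    """A media ticket smart card or a C-DSP. Each side keeps the last sequence
    count it has seen (in TNV-EEPROM on real hardware) and refuses any packet
    that does not move it forward."""

    def __init__(self, vendor_id: int, play_code: bytes = b"", play_count: int = 0):
        self.vendor_id = vendor_id
        self.play_code = play_code
        self.play_count = play_count
        self.last_seq = 0

    def send(self, msg_type: int) -> bytes:
        self.last_seq += 1
        return seal(self.vendor_id, self.last_seq, msg_type, self.play_code, self.play_count)

    def receive(self, packet: bytes) -> int:
        header, body, tag = packet[:HEADER.size], packet[HEADER.size:-TAG_LEN], packet[-TAG_LEN:]
        vendor_id, seq, msg_type = HEADER.unpack(header)
        if vendor_id != self.vendor_id:
            raise ValueError("packet for another vendor")
        key = vendor_key(vendor_id)
        expected = hmac.new(key, b"tag" + header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):          # verify before touching any state
            raise ValueError("tag mismatch: packet altered on the red bus")
        if seq <= self.last_seq:
            raise ReplayError("sequence count %d is not above %d" % (seq, self.last_seq))
        self.last_seq = seq
        pad = hmac.new(key, b"pad" + header, hashlib.sha256).digest()
        plain = bytes(c ^ k for c, k in zip(body, pad))
        self.play_code, self.play_count = plain[:-4], struct.unpack(">I", plain[-4:])[0]
        return msg_type


def demo() -> dict:
    card = Endpoint(5, play_code=b"constructed-code", play_count=3)   # constructed 16-byte play code
    player = Endpoint(5)
    to_player = card.send(TO_PLAYER)             # card -> C-DSP, sequence count 1
    player.receive(to_player)
    player.play_count -= 1                       # one play consumed in the C-DSP register
    to_card = player.send(TO_CARD)               # C-DSP -> card, sequence count 2
    card.receive(to_card)
    try:                                         # a recording of the first packet, replayed
        player.receive(to_player)
        replay_rejected = False
    except ReplayError:
        replay_rejected = True
    altered = bytearray(to_card)                 # the count field edited in transit
    altered[HEADER.size + 16] ^= 0xFF
    try:
        card.receive(bytes(altered))
        tamper_rejected = False
    except ValueError:
        tamper_rejected = True
    return {"count_on_card": card.play_count, "replay_rejected": replay_rejected,
            "tamper_rejected": tamper_rejected}
```

Two practitioner caveats. A per-vendor table improves on the single family key that the claim itself flags as a single point of attack, but only as long as the table is never readable as a whole: extracting the table from one chip still exposes every vendor, so per-chip derived keys would be preferable to a shared table. And the sequence count only defeats replay if the last value seen is kept in the tamper-resistant memory on both sides across power cycles; a player that forgets it on reboot will accept the old packet again.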

authenticating using media triangle authentication which is the
process of matching the unique digital media with its matching unique
play code by the method done by a cryptographic media player using
digital media triangle authentication using sample reads of test data
with successful decryption,

cryptographing using hybrid key cryptography which is the process
done by a cryptographic digital signal processor (C-DSP) means inside
of a cryptographic media player using hybrid key cryptography which
is the process of using hybrid key cryptography which uses public key
cryptography to authenticate remote parties, do digital signatures, to
authenticate digital media and establish media integrity with a
remote party, and encrypt one-time secret keys known as session keys
(ssk-n), used for only one session, which said session keys are sent
to a remote party who decrypts them for storage in his own tamper
resistant, non-volatile memory (TNV-EEPROM) embedded on his black,
cryptographic computing unit in the example of a prior art
cryptographic digital signal processor (C-DSP) means and a
cryptographic central processing unit (C-CPU) which said session keys
may be later stored in tamper resistant non-volatile memory (TNV-
EEPROM) embedded in a media ticket smart card where they are referred
to as play codes with paid for and authorized play counts,
accounting by the cryptographic digital signal processor (C-DSP)
means which is the process done by the cryptographic media player
using hybrid key cryptography digital media playing of one-way
transfer of custom session key encrypted digital media owned by party
Vn in a controlled access manner mostly for financial accounting
purposes which uses the play codes (session key or one-time secret
key) and play counts (paid for number of plays or count of free trial
plays) contained in media ticket smart cards,

playing by the cryptographic digital signal processor (C-DSP) means
which is the process done by the cryptographic media player using
hybrid key cryptography which is the process of using hybrid key
cryptography to do digital media playing in a controlled access
manner using play codes (session key or one-time secret keys) and
play counts (now contained within registers in the cryptographic
digital signal processor (C-DSP) means) and also the double secret key
decryption of first a unique customer session key decryption followed
by a unique vendor secret key decryption used directly upon the
custom encrypted one-way transfer of custom session key encrypted
digital media which is pre-unique vendor secret key encrypted with
sequence number checks for countering recorded replay attacks,
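The hybrid key, media triangle authentication and double decryption steps above are shown together as one added worked example, not code from the application: a one-time session key (play code) is wrapped under the customer's public key using the binary square-and-multiply exponentiation that the C-DSP description assigns to its large-integer unit, the media is pre-encrypted under the vendor secret key and then custom re-encrypted under the session key, and the player undoes both layers in reverse and sample-reads a known test block before playing. Toy RSA with 256-bit keys and a SHAKE-256 keystream stand in for real primitives; the keys, media, identifiers and function names are constructed, and the digital signature part of the claim is not shown.

```python
"""Hybrid key cryptography for a media ticket: session key wrapped under a
public key, media double-encrypted (vendor secret key, then session key),
decrypted in reverse with a test-block check. Constructed example with toy RSA."""
import hashlib
import math
import random

rng = random.Random(7)   # deterministic toy keys; a real C-DSP uses its hardware TRNG


def square_and_multiply(base: int, exponent: int, modulus: int) -> int:
    """Left-to-right binary square-and-multiply modular exponentiation."""
    result, base = 1, base % modulus
    for bit in bin(exponent)[2:]:
        result = result * result % modulus
        if bit == "1":
            result = result * base % modulus
    return result


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin, using square_and_multiply for the witness powers."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = square_and_multiply(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # exact bit length, odd
        if is_probable_prime(cand):
            return cand


def toy_rsa_keypair(bits: int = 256):
    """Textbook RSA with tiny keys and no padding: shows the flow, never for real use."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)   # (public key, private key)


def xof_stream(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR with a SHAKE-256 keystream bound to a per-media label (stand-in for
    the C-DSP's AES stream mode; same call encrypts and decrypts)."""
    pad = hashlib.shake_256(key + b"|" + label).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


TEST_BLOCK = b"MEDIA-TICKET-TEST-BLOCK-"   # known test data the player sample-reads


def vendor_prepare(master: bytes, media_id: bytes, vendor_secret: bytes, session_key: bytes) -> bytes:
    """Party Vn: pre-encrypt under the vendor secret key, then custom re-encrypt
    the result under the customer's one-time session key."""
    inner = xof_stream(vendor_secret, media_id, TEST_BLOCK + master)
    return xof_stream(session_key, media_id, inner)


def wrap_session_key(session_key: bytes, public_key) -> int:
    e, n = public_key
    m = int.from_bytes(session_key, "big")
    if m >= n:
        raise ValueError("session key too large for this modulus")
    return square_and_multiply(m, e, n)


def unwrap_session_key(wrapped: int, private_key, key_len: int = 16) -> bytes:
    d, n = private_key
    return square_and_multiply(wrapped, d, n).to_bytes(key_len, "big")


def player_decrypt(custom_media: bytes, media_id: bytes, play_code: bytes, vendor_secret: bytes) -> bytes:
    """Double decryption in reverse order: session key (play code) first, then the
    vendor secret key. Media triangle check: the test block must come back intact."""
    inner = xof_stream(play_code, media_id, custom_media)
    plain = xof_stream(vendor_secret, media_id, inner)
    if not plain.startswith(TEST_BLOCK):
        raise ValueError("play code does not match this media")
    return plain[len(TEST_BLOCK):]


def demo() -> dict:
    public_key, private_key = toy_rsa_keypair()            # customer card's key pair
    vendor_secret = b"constructed vendor secret key!!!"    # party Vn's secret key, constructed
    media_id = b"constructed-title-0001"
    master = b"constructed digital master frame " * 8
    session_key = rng.getrandbits(128).to_bytes(16, "big")  # one-time play code
    custom_media = vendor_prepare(master, media_id, vendor_secret, session_key)
    wrapped = wrap_session_key(session_key, public_key)    # what the download carries
    play_code = unwrap_session_key(wrapped, private_key)   # C-DSP unwraps into its TNV-EEPROM
    recovered = player_decrypt(custom_media, media_id, play_code, vendor_secret)
    try:
        player_decrypt(custom_media, media_id, b"\x00" * 16, vendor_secret)
        wrong_rejected = False
    except ValueError:
        wrong_rejected = True
    return {"recovered": recovered == master, "play_code_roundtrip": play_code == session_key,
            "wrong_play_code_rejected": wrong_rejected}
```

What the example deliberately leaves exposed. Textbook RSA as written (no OAEP padding, deterministic) is malleable and leaks equality of wrapped keys, so a real deployment needs a padded or KEM-based wrap. The two stream layers compose into a single XOR, so the "double" decryption adds no strength by itself; its value is key separation, the vendor key burned into the C-DSP and the session key held on the card. And the test-block check detects a wrong play code but not a tampered stream; the sequence number check the claim mentions and a message authentication code are what cover that.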

escrowing retrieval of lost, stolen, or disputed ownership media
ticket smart cards which is the process done by the customer, party
A,

which collection of processes of or methods of invention sets
systems standards and integrates components into a system which can
be used in the future for new forms of initial 'de facto,' and then
internationally standardized cryptography sanctioned by industry
trade groups such as the Recording Industry Association of America
(RIAA), the Secure Digital Music Initiative (SDMI), the US National
Association of Broadcasters (NAB),

whereby the present invention creates several processes in doing
digital media distribution over the prior art Internet using secure
World Wide Web (WWW) servers involving the cryptographically secure
transfer or download to personal computers (PC's) of digital media with
subsequent transfer to cryptographic media players,

whereby the present invention creates several processes in
safeguarding multi-million dollar digital masters.



PROCESS STEP 58. The process of claim 57 whereby the method or process of
cryptographing using public key cryptography which is the process
done by said cryptographic media player with its embedded said
cryptographic digital signal processor (C-DSP) means using public key
cryptography which is the process of using public key cryptography
authentication, encryption, and decryption using public keys (puk-n),
and private keys (prk-n), stored within tamper resistant non-volatile
memory (TNV-EEPROM) embedded within non-wiretapable ("black")
cryptographic computing units in the example of cryptographic digital
signal processors (C-DSP) means.
PROCESS STEP 59. The process of claim 57 whereby the process or
method of cryptographing using secret key cryptography which is the
process done by said cryptographic media player with its embedded
said cryptographic digital signal processor (C-DSP) means using
secret key cryptography which is the process of using secret key
cryptography with a non-wiretapable ("black") bus, cryptographic
computing unit in example of a cryptographic digital signal
processing (C-DSP) means using secret keys (sek-n), or session keys
(ssk-n), stored upon tamper resistant, non-volatile memory (TNV-
EEPROM), consists of the sub-step of:

cryptographing using fast hardware session key cryptography which
is the process done by a cryptographic digital signal processor (C-
DSP) means inside of a cryptographic media player using hardware
secret key cryptography which is the process of using a dedicated
hardware secret key sub-processor which is embedded within a secure
("black"), cryptographic digital signal processing (C-DSP) means with
access to higher level tamper resistant non-volatile ("black") memory
for cryptographic key storage of private keys and secret keys, which
hardware secret key sub-processor is much faster than software for
secret key cryptography and is intended for fast, secret key
cryptography encryption and decryption of block transferred digital
media.
PROCESS STEP 60. A specific method of or process for doing public key
cryptography over an open systems architecture in a totally
cryptographically secure manner meant for safeguarding multi-million
dollar digital masters for the specific process of 'over the air,'
broadband cable, broadband phone line, direct digital satellite, or
Institute of Electrical and Electronics Engineers (IEEE 802.11)
wireless Ethernet distribution of custom pre-encrypted, 'cipher text,'
digital media in high definition television (HDTV)/standard definition
television (SDTV) digital form which open systems architecture includes
existing prior art components integrated into a new art systems process
of:

providing of process step 60 uses the component of prior art, a
tamper-resistant non-volatile electrically erasable programmable
read-only memory (TNV-EEPROM) which can be in an external dedicated
chip and also in an on-chip micro-controller design, which is used to
hold embedded, brief in length, cryptographic computer programs,
cryptographic system keys with first example cryptographic keys being
family keys or shared secret keys, second example cryptographic keys
being cryptographic private keys, third example cryptographic keys
being secret keys, fourth example cryptographic keys being session
keys, and fifth example cryptographic keys being cryptographic public
keys,
providing of process step 60 uses the component of prior art, an electrically erasable programmable read-only memory (EEPROM) which can come in a larger dedicated chip and also in an on-chip micro-controller design, used to hold non-secure computer programs (firmware) which are usually stored on separate and dedicated EEPROM memory chips connected to the digital computer processor through an input-output (I/O) bus, with an on-processor instruction cache usually made of two layers: an L1 cache of faster, static RAM, and an L2 cache of very fast, associative memory or on-chip banked registers used to locally hold pages of operational codes (op codes) for fast execution,

providing of process step 60 uses the component of prior art, a static random access memory (SRAM) which can come in a larger dedicated chip and also in an on-chip micro-controller design with an on-chip input-output (I/O) bus, with SRAM preferred over DRAM on-chip for faster speed and no need of a memory refresh cycle at the cost of one-fourth less bit density, for faster temporary storage of dynamic data, which is usually in the form of separate and dedicated SRAM memory chips connected to the digital computer processor through an input-output (I/O) bus, with an on-processor data cache of one or more levels (L1 cache being SRAM and L2 cache being associative memory or registers) used to locally hold pages of dynamic computer data for fast data cache access,

providing of process step 60 uses the component of prior art, a dynamic random access memory (DRAM) which can come in a larger dedicated chip and also in an on-chip micro-controller design using an on-chip input-output (I/O) bus, with on-chip SRAM preferred over DRAM in micro-controllers for faster speed and no memory refresh cycle, with the latest example of fast DRAM being double data rate, synchronous, dynamic random access memory (DDR-SDRAM), which can hold either operational codes (for non-firmware based computer programs) or dynamic data (especially large arrays and large chunks of data such as video 'frame buffers'), with the DRAM being an acknowledged bottle-neck on the central processor unit (CPU) bus, with another greater bottle-neck being the transfer of digital data over the peripheral device or input-output (I/O) bus and its much slower, often electro-mechanical, input-output (I/O) devices,

providing of process step 60 uses the component of prior art, a low-cost, low-throughput, cryptographic embedded micro-controller (c-u-Ctlr) with scalar control operations, slow fixed-point arithmetic processing, and very slow, floating point interpreter based floating point processing (lacking a hardware floating point unit (FPU)), as used in a prior art, 8-bit, single chip solution, micro-controller based smart card as widely used in Europe for over twenty years with universal success in over-coming all forms of human abuse and adverse weather conditions, with said tamper resistant non-volatile memory (TNV-EEPROM) holding both cryptographic keys and very limited amounts of embedded secure cryptographic algorithm firmware for the entirely on-chip execution of cryptographic algorithms (secret key encryption-decryption, public key encryption-decryption, message digest ciphers (MDC's), message authentication ciphers (MAC's)), furthermore, possessing an on-chip input-output (I/O) bus in a micro-controller architecture with on-chip limited static random access memory (SRAM) for fast dynamic data storage and on-chip limited electrically erasable programmable read only memory (EEPROM) for computer firmware program storage, furthermore, possessing a wiretapable ('red') smart card serial data bus to the external world which is used for initial unique customer access code communications from a digital computer into the smart card to activate it, and then is subsequently used for reverse direction communications of internal smart card secure memory values representing cash to debit and also accounting access counts, used in pass-thru encryption to transfer encrypted ('cipher-text') data from the cryptographic micro-processor (c-uP) inside the smart card to a smart card reader and, by pass-by processing, on to a digital computer which must do pass-thru decryption and pass-thru encryption for the return closed feed-back response communications exchange of possibly debited monetary values or incremented access counts needing secure storage in the smart card,

providing of process step 60 uses the component of prior art, the smart card used for media ticket applications containing tamper resistant, non-volatile memory (TNV-EEPROM) for key storage as part of cryptographic embedded micro-processors (c-uP's),

providing of process step 60 uses the component of prior art, serial data computer communications interfaces such as a personal computer (PC) based, serial bus connected (e.g. Universal Serial Bus or USB bus, and the faster and longer distance but more expensive IEEE 1394 serial bus ('Fire wire bus')), used to connect a personal computer (PC) to a digitized human fingerprint reader and for other computer peripheral purposes,

providing of process step 60 uses the component of prior art, a smart card reader means involving several invention processes which simply reads the customer inserted smart card's pass-thru encrypted data and passes it over wiretapable ('red') buses to the digital computer, furthermore, a first example form of smart card reader means has physical metallic contacts with a power pin used to re-charge any smart card internal battery from an additional AC power line going into the smart card reader and suitable voltage conversion and regulation electronics, furthermore, a second example smart card reader means is for a popular class of prior art smart cards which have an optical interface which lacks any form of smart card battery re-charging capability but has improved durability, a third example smart card reader is a prior art, integrated smart card reader with bio-ID digitized fingerprint reader, furthermore, the smart card reader is a dumb and inexpensive computer serial data bus device with a first example serial communications interface being a prior art, serial data bus given as a universal serial bus (USB) providing maximum 3.0 Mega bits/second data transfer over a maximum 3.5 feet distance, which has no local area networking (LAN) interfaces, which must be provided by the attached digital computer, a second example serial communications interface being a prior art, IEEE 1394 ('Fire wire') serial data bus which transfers a maximum of 10.0 Mega bits/second at a distance of up to a maximum of 10.0 feet,
providing of process step 60 uses the component of prior art, biological-identification (bio-ID) reader means which attach to personal computers (PC's) using a low-cost serial data bus such as a universal serial data bus (USB bus), with a first example bio-ID reader means being a smart card reader with piggy-backed, integrated, digitized fingerprint, bio-identification (bio-ID) reader for very customer convenient use, with an example customer use of a low security, unattended by a 'warm-blooded' authorized gate-keeper, bio-ID means of 'warm-blooded' index finger insertion into a digitized fingerprint reader and smart card insertion at the same time, a second example bio-ID reader means is a prior art, smart card reader with external AC power supply and power conversion and regulation transformers along with piggy-backed 'warm-blooded' iris scan reader digital video-camera electronics, which said iris scan reader is attached by IEEE 1394 ('Fire wire') digital cable to a digital video camera,

providing of process step 60 uses the component of prior art, an internet protocol (IP), wide area network (IP WAN),

providing of process step 60 uses the component of prior art, a world wide web server (WWW) or web or graphics rich portion of the Internet web server computer,

providing of process step 60 uses the component of prior art, a personal computer (PC), which is non-cryptographically secure,

providing of process step 60 uses the component of prior art, a personal computer (PC) web client,

providing of process step 60 uses the component of prior art, personal computer (PC) peripherals,

providing of process step 60 uses the component of prior art, a data entry device of an on-board protected electronic device, a toggle field with a prior art liquid crystal display (LCD) for entry of the unique customer passphrase with closely corresponding passcode entry,

providing of process step 60 uses the component of prior art, a data entry device of computer keyboards used for unique customer password and passphrase-passcode entry, with wiretapable ('red bus') computer keyboard buses vulnerable to the known prior art, hacker tools of both software and hardware based keyboard capture buffers,

providing of process step 60 uses the component of prior art, a banked-EEPROM card reader-writer connected by a prior art, serial bus, with first example serial bus being the Universal Serial Bus (R) (USB bus) connected banked non-volatile memory chip card reader-writer serial bus interface unit to an electronic device, with first example banked non-volatile memory chip card unit which inserts into the reader being a banked, electrically erasable programmable read only memory (banked-EEPROM) card unit (e.g. SanDisk (R) card, or SD (R) card), and second example banked non-volatile memory chip card unit being a single, large chip tamper-resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) (e.g. Memory Stick (R) chip),

providing of process step 60 uses the component of prior art, a personal computer's (PC's) peripheral data storage devices such as hard disk drives (HDD's), compact disk (CD) record once (CD-R (R)) drives, compact disk read-write (CD-RW (R)) drives, which all offer 'backwards compatible' CD media which can be used in read-only modes compatible with older, existing read-only CD drives (CD), also writable digital versatile disk (DVD) drives (e.g. DVD+RW (R), DVD-RW (R), DVD-RAM (R)) which all offer 'backwards compatible' media which can be used in read-only modes compatible with older, existing read-only DVD drives (DVD-ROM),

providing of process step 60 uses the component of prior art, a personal computer's (PC's) based peripheral data storage media units (e.g. back-up devices, video devices, fast floppy drives (e.g. Iomega (R) Zip (R) drives), removable hard disk drives (removable HDD) (e.g. Iomega Jazz (R) drives)),

providing of process step 60 uses the component of prior art, a cryptographic digital signal processor (C-DSP) means designed for low-cost, very fast digital processing of fixed-point number arrays or arrays of fixed radix numbers having limited necessary precision typically less than 32-bits arranged in matrix arrays (32-bit integers with an assumed radix point which cannot move, with a default assumed decimal point which cannot move) as popularly used in the Texas Instruments (TI) TMS-320 DSP and also the AT&T DSP-1, with major DSP features being an accumulator based design with arithmetic operation over-flow handling, no-overflow registers, pipelined design to DRAM connected over a central processor unit bus, constants for an (i)th round held as register variables for quick update for the (i+1)th round, and programming-time, programmable firmware libraries supporting flexible digital signal processing for different applications, furthermore, giving fast scalar control processing without a need for floating point operation re-normalization based upon exponents, with a floating point interpreter for limited floating point operations involving floating point number formats with exponents, furthermore, also having additional silicon compiler designed components of embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), with a first example cryptographic digital signal processor (C-DSP) means being a standard DSP combined with the silicon compiler functions of the prior art, US National Institute of Standards and Technologies (NIST's) Clipper chip, which is the Skipjack secret key algorithm implemented in a silicon compiler sub-circuit with on-chip tamper resistant non-volatile memory (TNV-EEPROM), single integrated circuit ('single chip IC solution') design giving stream cipher and block cipher encryption and decryption functions (additionally used in the prior art, Capstone program using a plug-in PC card (R) format once called PCMCIA having an embedded Clipper ASIC chip comparable to a prior art smart card program), which programs and standards were both based upon the dedicated, custom designed ASIC hardware integrated circuit (IC) implementation of the National Security Agency (NSA) developed, classified Clipper chip implementing the Skipjack secret key algorithm along with on-chip tamper resistant non-volatile memory (TNV-EEPROM), second example cryptographic digital signal processor (C-DSP) means being standard digital signal processing (DSP) functions combined with silicon compiler functions implementing the Chandra patent (US Patent Number 4,817,140 issued on March 28, 1989 and assigned to IBM Corporation), and third example cryptographic digital signal processor (C-DSP) means being numerous other US Patents and also public art, non-patented technical literature,

providing of process step 60 uses the component of prior art, a cryptographic digital signal processor (C-DSP) means intended for very fast processing of large fixed-point arrays of fixed-point or fixed radix numbers as shown in the prior art, Texas Instruments (TI) TMS-320 DSP and also the AT&T DSP-1, additionally containing a cryptographic hardware secret key algorithm sub-processor, tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), random access memory (RAM), analog to digital signal converters (ADC), moving picture electronics group standards X (MPEG X) hardware decompression only circuitry for digital audio/video, digital audio/video signal artificial degradation circuitry, digital to analog signal converters, and digital signal processing of digital audio/video signals circuitry,

providing of process step 60 uses the component of new art, a cryptographic digital signal processor (C-DSP) means, designed for low-cost, very fast, digital processing of fixed-point number arrays as shown in the prior art, popularly used, Texas Instruments TMS-320 DSP and also the AT&T DSP-1, furthermore, having additional silicon compiler designed components adding embedded tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM) for secure cryptographic key storage, along with both tamper resistance to pin-probers and cryptographically protected on-chip, firmware implemented new art, byte-oriented, secret key algorithm based secret key encryption and decryption for both stream oriented and block oriented encryption and decryption processes, with on-chip hardware and firmware library support for both secret key and public key algorithms such as an electronic true random number generator, an on-chip hardware floating point unit (FPU) for processing large blocks of secret key encrypted and decrypted data using newer, y. 2003 firmware based, byte oriented, secret key algorithms such as Advanced Encryption Standard (AES), an extremely large integer to an extremely large integer exponentiation unit using the binary square and multiply method commonly used in public key cryptography, with additional on-chip silicon compiler designed hardware support for digital decompression (read-only) algorithms, with additional on-chip silicon compiler support for digital compression algorithms, with additional on-chip silicon compiler support for forward error detection and correction coding (e.g. Reed-Solomon or RS coding) done in the encoding process sequential order of digitally compress, error correct, and encrypt, with decoding done in the exact opposite sequential process order, with a first example C-DSP means being discussed broadly in the present inventor's present patent's technical material which is not subject to this present over-all system's or methods patent application which uses such a device as a provided hardware component,

providing of process step 60 uses the component of a new art, programmable gate array logic (GAL) form of high density, application specific integrated circuit (ASIC) with embedded cryptographic digital signal processor (C-DSP) means functions as mentioned in the paragraph just above,

providing of process step 60 uses the component of new art, a cryptographic digital signal processor (C-DSP) means designed for very fast execution of fixed-point number arrays such as the popular Texas Instruments TMS-320 and also the AT&T DSP-1, furthermore, having additional silicon compiler based embedded, prior art, cryptographic hardware secret key algorithm sub-processors based upon prior art, standardised, secret key algorithms with an example algorithm being given as IBM's patented Data Encryption Standard (DES), with on-chip firmware support, an on-chip hardware floating point unit (FPU) for processing large blocks of secret key encrypted and decrypted data using newer, y. 2003 firmware based, byte oriented, secret key algorithms such as Advanced Encryption Standard (AES), an extremely large integer to an extremely large integer exponentiation unit using the binary square and multiply method commonly used in public key cryptography, with additional on-chip silicon compiler designed hardware support for digital decompression (read-only) algorithms, with additional on-chip silicon compiler support for digital compression algorithms, with additional on-chip silicon compiler support for forward error detection and correction coding (e.g. Reed-Solomon or RS coding) done in the encoding process sequential order of digitally compress, error correct, and encrypt, with decoding done in the exact opposite sequential process order, which in turn are silicon compiler design embedded hardware sub-units inside of said prior art, cryptographic digital signal processors (C-DSP's),
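
The two C-DSP passages above fix the encoding order as compress, error correct, encrypt, with decoding in the exact reverse order. The Python below is an added example, not code from the patent or from any device it describes: it implements that pipeline as a list of stages so that decoding is literally the reversed list, and it goes one step beyond the text by showing what the ordering decides once the cipher stage carries an integrity tag (a single transit bit flip is repaired only when error correction is the outermost stage; with the correction code inside the cipher the tag check rejects the frame first). Stand-ins are assumptions: zlib in place of the lossy MPEG/JPEG codecs, a 3x repetition code with bit-majority vote in place of Reed-Solomon, and an HMAC-SHA256 counter-mode keystream with an HMAC tag (encrypt-then-MAC) in place of the hardware AES secret-key sub-processor. Keys, nonce and sample media are constructed values.

```python
"""Compress -> error-correct -> encrypt pipeline and its exact-reverse decode.

Added example with stand-ins (assumptions, not the patent's own parts):
  - zlib (lossless) stands in for the MPEG/JPEG lossy codecs,
  - a 3x repetition code with bit-majority vote stands in for Reed-Solomon,
  - HMAC-SHA256 counter-mode keystream + HMAC tag (encrypt-then-MAC)
    stands in for the hardware AES secret-key sub-processor.
"""
import hashlib
import hmac
import zlib

# Constructed sample keys and nonce (not values from the page).
ENC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
MAC_KEY = bytes.fromhex("ffeeddccbbaa99887766554433221100" * 2)
NONCE = b"constructed-nonce"
TAG_LEN = 32


def compress(data: bytes) -> bytes:
    """Stage 1: lossless zlib stands in for the lossy media codec."""
    return zlib.compress(data)


def decompress(data: bytes) -> bytes:
    return zlib.decompress(data)


def fec_encode(data: bytes) -> bytes:
    """Stage 2: each byte sent three times (stand-in for Reed-Solomon)."""
    return bytes(b for b in data for _ in range(3))


def fec_decode(data: bytes) -> bytes:
    """Bit-wise majority over the three copies; repairs any single bit error
    inside a 3-byte group."""
    if len(data) % 3:
        raise ValueError("FEC block length is not a multiple of 3")
    out = bytearray()
    for i in range(0, len(data), 3):
        a, b, c = data[i], data[i + 1], data[i + 2]
        out.append((a & b) | (a & c) | (b & c))
    return bytes(out)


def _keystream(length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for hardware AES)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(ENC_KEY, NONCE + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt(data: bytes) -> bytes:
    """Stage 3: XOR with the keystream, then append an HMAC tag over the ciphertext."""
    ct = bytes(x ^ k for x, k in zip(data, _keystream(len(data))))
    tag = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt(data: bytes) -> bytes:
    ct, tag = data[:-TAG_LEN], data[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return bytes(x ^ k for x, k in zip(ct, _keystream(len(ct))))


# A stage is (encode, decode). Decoding always runs the stages in reverse.
FEC_INSIDE_CIPHER = [(compress, decompress), (fec_encode, fec_decode), (encrypt, decrypt)]
FEC_OUTSIDE_CIPHER = [(compress, decompress), (encrypt, decrypt), (fec_encode, fec_decode)]


def encode(stages, data: bytes) -> bytes:
    for enc, _ in stages:
        data = enc(data)
    return data


def decode(stages, data: bytes) -> bytes:
    for _, dec in reversed(stages):
        data = dec(data)
    return data


def flip_bit(data: bytes, bit: int) -> bytes:
    """Model one transit bit error at the given bit offset."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def survives_bit_error(stages, plaintext: bytes, bit: int):
    """Return (round_trip_ok, reason) after a single bit flip on the wire."""
    wire = encode(stages, plaintext)
    try:
        return decode(stages, flip_bit(wire, bit)) == plaintext, "ok"
    except (ValueError, zlib.error) as exc:
        return False, str(exc)


SAMPLE_MEDIA = b"constructed sample media frame " * 40  # constructed input

if __name__ == "__main__":
    for name, stages in (("FEC inside cipher", FEC_INSIDE_CIPHER),
                         ("FEC outside cipher", FEC_OUTSIDE_CIPHER)):
        print(name, survives_bit_error(stages, SAMPLE_MEDIA, 5))
```

Both orderings round-trip cleanly on an error-free channel; the difference only appears once a bit is damaged in transit, which is the whole reason the passage carries a correction code at all. The page's own order places the correction code under the cipher, which works for a pure stream cipher (a flipped ciphertext bit becomes a flipped plaintext bit that the code repairs) but not once the cipher stage authenticates its output, so a design that adds a tag must move the correction code outermost.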

providing of process step 60 uses the component of prior art, a cryptographic micro-processor (c-uP) or a central processing unit (CPU) such as an Intel Pentium (R) CPU with a control unit, and also with an integrated fast, hardware, floating point unit (FPU), integrated memory management unit (MMU), integrated instruction and data cache unit, integrated bus interface unit (BIU), and additional proposed subset functionality of a C-DSP means including integrated tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), all on a single chip, which has impedance monitored intermetallic deposition layers protecting the entire chip from illegal pin probers used by hackers targeting the on-chip architecture including the protected ('black') on-chip buses, and also for protecting the entire chip from wiretapping pin probers used to illegally read cryptographic keys stored on the on-chip said embedded, tamper resistant non-volatile electrically erasable programmable read only memory (TNV-EEPROM), with the main anti-tamper means being the automatic on-chip erasure of cryptographic memory (TNV-EEPROM) holding all cryptographic keys upon the fully automatic detection of any signs of chip tampering,
providing of process step 60 uses the component of new art, a cryptographic computing based unit (C-CPU) also having a subset of cryptographic digital signal processing (C-DSP) means, having much more on-chip, hardware, floating point (FPU) throughput capacity than the C-DSP chip and a more powerful memory management unit (MMU) capability, while having subset security functionality as the cryptographic digital signal processor unit (C-DSP) means, being on-chip tamper resistant non-volatile electrically erasable programmable read-only memory (TNV-EEPROM) or cryptographic memory for both cryptographic key storage and cryptographic algorithm firmware storage, automatic on-chip impedance-monitoring of a whole-chip, inter-metallic layer with automatic erasure of cryptographic memory upon tamper detection, silicon compiler library designed on-chip functions with automatic placement and routing, on-chip support for read-only commercial players using an embedded C-CPU of a tamper protected, error detection or correction unit (e.g. Reed-Solomon unit), on-chip support for read-only commercial players using an embedded C-CPU of a tamper protected ('black unit'), embedded, secret key decryption sub-unit which supports both dedicated hardware and dedicated firmware secret key decryption of play-back mode only, uniquely secret key encrypted, commercial media, on-chip tamper protected digital de-compression only support in play-back only mode for standard form digital media (e.g. MP3 being discrete cosine transform (DCT) based, MPEG X being discrete cosine transform (DCT) based, fast wavelet transform (FWT) audio-video being convolutional coding based, JPEG being discrete cosine transform (DCT) based, JPEG 2000 being fast wavelet transform (FWT) or convolutional coding based, Fraunhofer Institute of Germany's fast wavelet transform (FWT) audio (R) convolutional coding, AAC (R) brand convolutional coding) widely used in commercial media players, with more general bi-directional use in crypto-cell phones and crypto-hand-held computers for similar on-chip support respecting relevant process sequential orders being digitally compress media, encrypt media, error detection bits added, which must be undone in cryptography in the exact reverse sequential order, for the hardware and firmware based encryption and decryption of digital media data, but without current on-chip support for encrypted operation codes (c-op codes) usable in the future for cryptographic computer programs and cryptographic multi-media programs, with a first example C-CPU means being discussed in the present inventor's present invention,

providing of process step 60 uses the component of new art, a non-cryptographic media player (MP) based upon prior art, non-cryptographic digital signal processor (DSP) means with starting functionality of the popular Texas Instruments TMS-320 DSP, constructed with serial bus connections to customer insertable and removable prior art, smart card reader-writer unit interfaces, and a read-only drive unit for standard physical format, digital media, which is very similar in computer architecture to prior art, electronic-book readers which have a built-in, very small, liquid crystal display (LCD), and are similar in physical form to non-cryptographic compact disk players,

providing of process step 60 uses the component of new art, a cryptographic media player (c-MP) constructed with said, prior art, cryptographic digital signal processor (C-DSP) means having serial bus connections to customer insertable and removable prior art, smart card reader-writer unit interfaces, and also having a read-only drive unit for standard media with first example read-only media means being compact disk record once (CD-R), second example read-only media means being compact disk read-write (CD-RW), third example read-only media means being banked non-volatile memory card (banked-EEPROM), and fourth example read-only media means being digital versatile disk record once (DVD-R),

providing of process step 60 uses the component of new art, a cryptographic personal computer (c-PC) which is created by using new art, said, cryptographic digital signal processor (C-DSP) means based plug-in, peripheral or contention bus or input-output bus (I/O bus) cards for prior art, personal computers (PC's), with the peripheral bus giving an interface to the motherboard's said cryptographic central processing unit (C-CPU) which in turn has a Universal Serial Bus (USB) interface to a USB based smart card reader,

providing of process step 60 uses the component of new art, a cryptographic personal computer (c-PC) having a subset functionality of C-DSP means, which is created by using a prior art, standard off-the-shelf personal computer (PC) design with a cryptographic central processing unit (C-CPU), with the goal of creating an internal secure bus hardware or 'black bus' computer architecture system also having insecure hardware bus or 'red bus' or open wiretapable buses, which furthermore requires a new art, cryptographic operating system (C-OS),
providing of process step 60 uses the component of new art, a cryptographic media player (c-MP) for playing back custom secret key encrypted, compressed digital audio-video in standard format, with first example compressed digital audio-video being given as prior art, Moving Picture Electronics Group Standards X (MPEG X) and second example compressed digital audio-video being given as prior art, fast wavelet audio-video digital compression also called convolutional coding, furthermore, said player contains embedded, cryptographic computing units (C-CPU's) with serial bus interfaces to built-in, prior art, smart card reader units, and also having built-in, prior art, input/output (I/O) peripheral bus connected, computer industry standard, peripheral data storage drives, with first example drive being a compact disk read only (CD) drive which reads compact disk record once format (CD-R),

providing of process step 60 uses the component of new art, a universal cryptographic set-top box form of media players (c-MP's) for playing back custom secret key encrypted, high definition television (HDTV) broadcasts and standard definition television (SDTV) broadcasts, as well as for playing custom secret key encrypted cable channel programming, as well as for playing custom secret key encrypted satellite television programming, which are based upon a more powerful, cryptographic media player computer architecture (c-MP),

providing of process step 60 uses the component of new art, a cryptographic micro-mirror module (c-MMM) commercial theater projection and theater sound units which are special cryptographic media players which use more than one prior art, digital versatile disk read only (DVD) drive unit, which also read digital versatile disk record (DVD-X) formats, furthermore, the DVD-X disks contain custom encrypted compressed digital media which can be decrypted only with a corresponding, unique, smart card programmed in a prior art, standard, personal computer (PC) over the wiretapable ('red bus') Internet as a special media ticket smart card using the methods of the present inventor's patent,

providing of process step 60 uses the component of prior art, a modified secure operating system (secure-OS) for world wide web (WWW) server computers which will custom customer session key encrypt a vendor, secret key encrypted digital master, and electronically distribute custom, encrypted digital media masters, using firewalls, using anti-viral software updated weekly, using network protocol converters, using standard layered security methods, and using 'inner sanctum' protection for vendor session key or one-time secret key encrypted digital media masters,

providing of process step 60 uses the component of prior art, a world wide web (WWW) transmission control protocol-internet protocol (TCP-IP) command protocol stack program for Internet connectivity,

providing of process step 60 uses the component of prior art, a plurality of standard cryptographic mathematics algorithms,
providing of process step 60 uses the component of prior art, a plurality of public key cryptography algorithms which create public keys and private keys,

providing of process step 60 uses the component of prior art, a plurality of secret key cryptography algorithms which create secret keys and session keys (1-time secret keys) and also play counts or access counts or media decryption counts and play codes (session keys or 1-time secret keys),

providing of process step 60 uses the component of prior art, a plurality of hybrid key cryptography algorithms which are combined public key and private key cryptography algorithms (prior art),

providing of process step 60 uses the component of prior art, a plurality of private key and secret key splitting algorithms,

providing of process step 60 uses the component of prior art, a plurality of private key and secret key escrow techniques,

providing of process step 60 uses the component of prior art, a plurality of algorithms used to generate cryptographic keys which are the collective public keys, private keys, secret keys, session keys (1-time use only secret keys), play counts, play codes, and passphrases-passcodes,

providing of process step 60 uses the component of prior art, a plurality of computer cryptography protocols,

providing of process step 60 uses the component of prior art, a plurality of pass-thru encryption algorithms for transmitting secure data over wiretapable computer buses ('red buses'),
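
The cryptographic micro-controller passage earlier (a 'red' smart card serial bus, pass-thru encryption of cash-to-debit values and access counts, and a closed feed-back response exchange) and the pass-thru encryption component just above describe one exchange between the card and the vendor with the customer's PC in the middle. The Python below is an added example, not the patent's own protocol, modelling that exchange with the PC as an untrusted relay that can only forward, replay or alter bytes. Assumptions: the card and the vendor share a 256-bit secret held in the card's TNV-EEPROM and never given to the PC; each short fixed-format message is encrypt-then-MAC'd with HMAC-SHA256 (a stand-in for the card's secret-key sub-processor); and a sequence number sent in the clear serves both as the cipher nonce and as the card's replay guard. The names MediaTicketCard, seal, unseal, vendor_round_trip and the relay helpers are hypothetical, and the secret is a constructed value.

```python
"""Pass-thru secured access-count exchange across an untrusted PC relay.

Added example (assumptions, not the patent's protocol): the card and the
vendor share CARD_SECRET; the PC between them holds no key and may forward,
replay or tamper. Messages are encrypt-then-MAC with HMAC-SHA256, and the
clear-text sequence number is both nonce and replay guard.
"""
import hashlib
import hmac
import struct

CARD_SECRET = bytes.fromhex("a7" * 32)  # constructed; lives in the card's TNV-EEPROM
TAG_LEN = 16
BODY = struct.Struct(">4sI")            # 4-byte opcode + 32-bit count or value


def _prf(label: bytes, *parts: bytes) -> bytes:
    return hmac.new(CARD_SECRET, label + b"|".join(parts), hashlib.sha256).digest()


def seal(direction: bytes, seq: int, op: bytes, value: int) -> bytes:
    """Build seq || ciphertext || tag; pad and tag are bound to direction and seq."""
    body = BODY.pack(op, value)
    seq_be = seq.to_bytes(8, "big")
    pad = _prf(b"enc", direction, seq_be)[:BODY.size]
    ct = bytes(x ^ k for x, k in zip(body, pad))
    tag = _prf(b"mac", direction, seq_be, ct)[:TAG_LEN]
    return seq_be + ct + tag


def unseal(direction: bytes, blob: bytes):
    """Verify the tag before decrypting; return (seq, op, value) or raise."""
    if len(blob) != 8 + BODY.size + TAG_LEN:
        raise ValueError("bad length")
    seq_be, ct, tag = blob[:8], blob[8:8 + BODY.size], blob[8 + BODY.size:]
    if not hmac.compare_digest(tag, _prf(b"mac", direction, seq_be, ct)[:TAG_LEN]):
        raise ValueError("bad tag")
    pad = _prf(b"enc", direction, seq_be)[:BODY.size]
    op, value = BODY.unpack(bytes(x ^ k for x, k in zip(ct, pad)))
    return int.from_bytes(seq_be, "big"), op, value


class MediaTicketCard:
    """Logic that runs inside the card's secure micro-controller."""

    def __init__(self, access_count: int):
        self.access_count = access_count   # secure memory value (TNV-EEPROM)
        self.last_seq = 0                  # highest sequence number accepted

    def handle(self, blob: bytes):
        """Process one vendor command; return a sealed receipt or None on rejection."""
        try:
            seq, op, value = unseal(b"to-card", blob)
        except ValueError:
            return None                    # altered or malformed on the red bus
        if seq <= self.last_seq:
            return None                    # replayed command
        self.last_seq = seq
        if op == b"DEBT" and self.access_count >= value:
            self.access_count -= value
            status = b"OK  "
        elif op == b"CRED":
            self.access_count += value
            status = b"OK  "
        else:
            status = b"DENY"
        return seal(b"to-vendor", seq, status, self.access_count)


def honest_relay(card: MediaTicketCard):
    """The PC doing plain pass-thru: bytes in, bytes out."""
    return card.handle


def tampering_relay(card: MediaTicketCard):
    """Test double for a PC that alters one ciphertext bit before pass-thru."""
    def relay(blob: bytes):
        buf = bytearray(blob)
        buf[9] ^= 0x01                     # inside the ciphertext field
        return card.handle(bytes(buf))
    return relay


def vendor_round_trip(relay, seq: int, op: bytes, value: int):
    """Vendor side: send one command, return (status, count) or None if rejected."""
    reply = relay(seal(b"to-card", seq, op, value))
    if reply is None:
        return None
    rseq, status, count = unseal(b"to-vendor", reply)
    if rseq != seq:
        raise ValueError("receipt does not match request")
    return status, count


if __name__ == "__main__":
    card = MediaTicketCard(3)
    honest = honest_relay(card)
    print(vendor_round_trip(honest, 1, b"DEBT", 1))          # (b'OK  ', 2)
    print(vendor_round_trip(honest, 1, b"DEBT", 1))          # None: replay
    print(vendor_round_trip(tampering_relay(card), 2, b"DEBT", 1))  # None
    print(vendor_round_trip(honest, 3, b"DEBT", 5))          # (b'DENY', 2)
```

Two details carry the security of the exchange: the tag is checked before anything is decrypted or acted upon, so an altered command never reaches the debit logic, and the card only advances `last_seq` after a command authenticates, so a command dropped or damaged by the relay can be re-sent under the same sequence number without opening a replay window. The separate `to-card` and `to-vendor` labels keep the request pad and the receipt pad distinct even though both use the same sequence number.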

providing of process step 60 uses the component of prior art, standardised form, a plurality of lossy compressed digital media algorithms with first example algorithm being given as MPEG X (R) based upon an SVGA (R) video format and also newer UXGA (R) higher resolution video formats, second example algorithm being given as MP3 (R) based upon pulse code modulated (PCM's) audio sound only, third example algorithm being given as JPEG X (R) for still color photography only, with JPEG being discrete cosine transform (DCT) based and JPEG 2000 being fast wavelet transform (FWT) compression based, fourth example algorithm being given as fast wavelet transform (FWT) audio-video, fifth example algorithm being given as proprietary Advanced Audio CODEC (R) (AAC (R)) using a FWT algorithm variant, sixth example algorithm being given as Fraunhofer Institute of Germany's fast wavelet transform (FWT) audio (R), who are the original international patentees for convolutional coding based lossy digital compression,

providing of process step 60 uses the component of prior art, a
transmission control protocol/internet protocol (TCP/IP) for
Internet connectivity,

providing of process step 60 uses the component of prior art, a
secure internet protocol layer (secure IP layer) of internet
data encryption,

providing of process step 60 uses the component of prior art, a
secure sockets layer (SSL) layer of Internet data encryption,

providing of process step 60 uses the component of prior art, a
plurality of world wide web (WWW) server standard interchange file
languages with first example protocol being hyper-text mark-up
language (HTML), second example protocol being extensible business
mark-up language (XBML or XML), and third example protocol being
generalized-text mark-up language (CTML),

providing of process step 60 uses the component of a plurality of
world wide web (WWW) client standard interchange file languages with
first example being hyper-text mark-up language (HTML),

generating of a set of common system keys which is the process
done by the media ticket smart card system authority's, party S's,
dedicated public key generation authority, party G, while having
absolutely no access to customer identifications,

generating of unique per vendor, common look-up table
distributed, media distribution vendor cryptographic keys
eventually used in cryptographic digital signal processors
(C-DSP's) for eventual manufacturing into cryptographic media
players which is the process done by the media ticket smart card
system authority's, party S's, dedicated public key generation
authority, party G, while having absolutely no access to customer
identifications,

generating of a unique media ticket smart card cryptographic key
set which is the process done by the media ticket smart card system
authority's, party S's, dedicated public key generation authority,
party G, while having absolutely no access to customer
identifications,

distributing of a set of cryptographic digital signal processors
(C-DSP's) which is the process done by the media ticket smart card
system authority's, party S's, dedicated public key distribution
authority, party D, distributing cryptographic digital signal
processors (C-DSP's) to media distribution vendors, parties Vn, for
manufacturing into cryptographic media players called cryptographic
set-top boxes while having absolutely no access to whole
cryptographic keys,

distributing of the media ticket smart cards which is the
process done by the media ticket smart card system authority's,
party S's, dedicated public key distribution authority, party D,
distributing media ticket smart cards to media distribution vendors
for selling to customers while having absolutely no access to whole
cryptographic keys,

escrowing of the split cryptographic keys which is the process
done by the central key generation authority, party G, safeguarding
the split cryptographic customer keys and split cryptographic vendor
keys in an entirely secure and confidential manner with legal first
means for simple customer identification and lost key recovery,
second means for disputed ownership court ordered recovery, and
third means for court ordered only use by law enforcement,

layering for a federated cryptography architecture which is the
process done by the media ticket smart card system authority, party
S, creating a federated architecture of cryptographic authority
with 3-layers, a central layer composed of the media ticket smart
card system authority, a local layer composed of authorized media
distribution companies Vn, and a user layer composed of customers,

preparing of play codes and play counts which is the process
done by the authorized digital media distribution company, party
Vn, preparing play codes (session keys or one-time secret keys),
play counts (paid for numbers of plays or counts of free trial
plays), and custom encrypted digital media for downloading to each
customer,

downloading to customer, party A, which is the process done by
the authorized digital media distribution vendor, party Vn, using
hybrid key cryptographing steps of hybrid key cryptographic digital
media distribution from a central media distribution authority
hosted on a web server to multiple personal computer (PC) based web
clients of encrypted play codes (one-time secret keys or session
keys) with header and encrypted play counts (paid for counts of
plays or decryptions, or else counts of free trial plays) with
header for deposit into media ticket smart cards attached to
personal computer (PC) media ticket smart card readers, and one-way
transfer of custom session key encrypted digital media which is
pre-unique vendor secret key encrypted for deposit into physical
digital media inserted into media drives attached to personal
computers (PC's),

delivering by foot which is the process done by the customer,
party A, of physically transferring a programmed media ticket smart
card from the customer's, party A's, personal computer (PC) to any
person's said cryptographic media player with its embedded said
cryptographic digital signal processor (C-DSP) means with a
built-in media ticket smart card reader,

custom broadcasting to customer, party A, which is the process
done by the authorized digital media distribution vendor, party Vn,
using hybrid key cryptographing steps of hybrid key cryptographic
digital media distribution from a central media distribution
authority hosted on a broadcast server to multiple homes or
businesses having cryptographic set-top boxes for one-way transfer
of custom session key encrypted digital media for possible digital
recording into physical digital media inserted into media drives
attached to an attached digital recorder,

pass-thru encrypting means involving several processes and
components for transferring any type of digital data securely from
the media ticket smart card up to said cryptographic media player
or said cryptographic set-top box with its embedded said
cryptographic digital signal processor (C-DSP) means with first
example pass-thru encrypting means being common family key or
shared secret key encryption which is known to be vulnerable to a
single point of attack, second example pass-thru encrypting means
being a pre-embedded, common look-up table of unique vendor public
key and matching private keys with organizational means involving
several processes and components such as first organizational means
being a row, column table indexed by a vendor identification
number, third example pass-thru encrypting means being a
pre-embedded common look-up table of unique vendor secret keys with
organizational means involving several processes and components
with first organizational means being a row, column table indexed
by a vendor identification number,

pass-thru encrypting return means involving several processes
and components for transferring any digital data from said
cryptographic media player or said cryptographic set-top box with
its embedded said cryptographic digital signal processor (C-DSP)
means to the media ticket smart card with first example pass-thru
encrypting return means being common family key or shared secret
key encryption which is known to be vulnerable to a single point of
attack, second example pass-thru encrypting return means being a
pre-embedded, common look-up table of unique vendor public key and
matching private keys with organizational means involving several
processes and components such as first organizational means being a
row, column table indexed by a vendor identification number, third
example pass-thru encrypting return means being a pre-embedded
common look-up table of unique vendor secret keys with
organizational means involving several processes and components
with first organizational means being a row, column table indexed
by a vendor identification number,

initialising before playing which is the process done by the
customer, party A, of preparing any party's cryptographic media
player or said cryptographic set-top box for his own custom
broadcast encrypted digital media and his own media ticket smart
card,

authenticating by customer triangle authentication which is the
process done by said cryptographic set-top box with its embedded
said cryptographic digital signal processor (C-DSP) means,

transferring of cryptographic keys to said cryptographic media
player or said cryptographic set-top box with its embedded said
cryptographic digital signal processor (C-DSP) means by pass-thru
encrypting means of cryptographic keys which is the process done by
the cryptographic set-top box to receive encrypted play codes with
header and encrypted play counts with header from the media ticket
smart card, transferred over wiretapable computer buses to the
set-top box's own cryptographic memory (TNV-EEPROM) for access by
its cryptographic digital signal processor (C-DSP) means,

transferring of cryptographic keys away from said cryptographic
media player or said cryptographic set-top box with its embedded
said cryptographic digital signal processor (C-DSP) means by
pass-thru encrypting return means of cryptographic keys which is the
process done by the cryptographic set-top box's cryptographic
digital signal processor (C-DSP) means to transfer encrypted play
codes with header and encrypted play counts with header both with
cryptographic digital signal processor (C-DSP) means incremented
sequence counts to the media ticket smart card, transferred over
wiretapable computer buses,

authenticating using media triangle authentication which is the
process of matching the unique digital media with its matching
unique play code by the method done by said cryptographic set-top
box with its embedded said cryptographic digital signal processor
(C-DSP) means using digital media triangle authentication using
sample reads of test data with successful decryptions,

cryptographing using hybrid key cryptography which is the
process done by said cryptographic media player or said
cryptographic set-top box with its embedded said cryptographic
digital signal processor (C-DSP) means using hybrid key
cryptography which is the process which uses public key
cryptography to authenticate remote parties, do digital signatures
to authenticate digital media and establish media integrity with a
remote party, and encrypt one-time secret keys known as session
keys (ssk-n), used for only one session, which said session keys
are sent to a remote party who decrypts them for storage in his own
tamper resistant, non-volatile memory (TNV-EEPROM) embedded on his
black cryptographic computing unit in the example of a
cryptographic digital signal processor (C-DSP) means and a
cryptographic central processing unit (C-CPU) which said session
keys may be later stored in tamper resistant non-volatile memory
(TNV-EEPROM) embedded in a media ticket smart card where they are
referred to as play codes with paid for and authorised play counts,

accounting by said cryptographic media player or said
cryptographic set-top box with its embedded said cryptographic
digital signal processor (C-DSP) means which is the process using
hybrid key cryptography digital media playing of one-way transfer
of custom session key encrypted digital media owned by party n in a
controlled access manner mostly for financial accounting purposes
which uses the play codes (session key or one-time secret key) and
play counts (paid for number of plays or count of free trial plays)
contained in media ticket smart cards,

playing by said cryptographic media player or said cryptographic
set-top box with its embedded said cryptographic digital signal
processor (C-DSP) means which is the process using hybrid key
cryptography which is the process of using hybrid key cryptography
to do digital media playing in a controlled access manner using
play codes (session key or one-time secret keys) and play counts
(now contained within registers in the cryptographic digital signal
processor (C-DSP) means) and also the double secret key decryption
of a unique customer session key decryption followed by a unique
vendor secret key decryption, used directly upon the custom
encrypted one-way transfer of custom session key encrypted digital
media which is pre-unique vendor secret key encrypted, with sequence
number checks for countering recorded replay attacks,

viewing of electronic television guide (TV guide) picture in a
picture (PIP) viewing and channel selection and future program
recording such as through an example graphical user interface (GUI)
means of a "spreadsheet type" or "matrix type" of display
accomplished through an annotated text data means involving several
processes, which is now within the inventor's cross referenced
invention [REF 512] which uses a new cryptography "silhouette-like"
technique extension to the MPEG IV standards for very efficient
carrying of limited digital television guide information which can
easily be removed in a MPEG X decompression circuit for sending to
video RAM and subsequent display in a digital picture in a picture
(PIP) on a digital monitor,

escrowing retrieval of lost, stolen, or disputed ownership media
ticket smart cards which is the process done by the customer, party
n, which collection of processes of or methods of invention sets
systems standards and integrates components into a system which can
be used in the future for new forms of internationally standardized
cryptography sanctioned by industry trade groups such as the
Recording Industry Association of America (RIAA), the Secure
Digital Music Initiative (SDMI), the US National Association of
Broadcasters (NAB), and also national standards agencies such as
the American National Standards Institute (ANSI), National
Institute of Standards and Technology (NIST), or International
Telecommunication Union (ITU),

whereby the present invention creates several processes in doing
digital media distribution over the prior art Internet using secure
World Wide Web (WWW) servers involving the cryptographically secure
transfer or download to personal computers (PCs) of digital media with
subsequent transfer to cryptographic media players,

whereby the present invention creates several processes in 
safeguarding multi-million dollar digital masters. 
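
The escrowing step of claim 60 above, in which party G safeguards the split customer and vendor keys with one means for customer lost-key recovery and another for court ordered recovery, is a threshold secret-sharing arrangement: a key split into n pieces such that any t pieces rebuild it and t - 1 pieces say nothing about it. The Python below is an added worked example and is not code from this application; it implements Shamir's scheme over a prime field. The field prime, the share holder names and the sample customer key in demo() are assumptions of the example, not values from the application.

```python
"""Threshold key escrow by Shamir secret sharing (added example, not the
application's own code). Party G splits a secret key into n shares held by
separate escrow holders; any t of them recover the key for lost-key or court
ordered recovery, while t - 1 shares reveal nothing about it.
Assumptions of this example: arithmetic over GF(P) with the Mersenne prime
P = 2**521 - 1 (room for any key up to 520 bits); the holder names and the
sample key used in demo() are constructed."""
import hashlib
import secrets
from typing import Dict, List

P = 2**521 - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner evaluation of a polynomial (lowest degree coefficient first) mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(secret: int, n: int, t: int) -> Dict[int, int]:
    """Split `secret` into n shares {x: f(x)} so that any t of them recover it.

    f is a random polynomial of degree t - 1 with f(0) = secret; holder x gets the
    point (x, f(x)), x = 1..n. Fewer than t points leave f(0) uniformly undetermined.
    """
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < P:
        raise ValueError("secret does not fit in the field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def recover_key(shares: Dict[int, int]) -> int:
    """Lagrange interpolation of f(0) from the supplied shares (needs t of them)."""
    xs = list(shares)
    secret = 0
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        basis = num * pow(den, P - 2, P) % P   # modular inverse by Fermat, P prime
        secret = (secret + shares[i] * basis) % P
    return secret


def demo() -> dict:
    """Constructed escrow scenario: 5 holders, any 3 recover a 256-bit customer key."""
    customer_key = int.from_bytes(
        hashlib.sha256(b"constructed sample customer secret key").digest(), "big")
    shares = split_key(customer_key, n=5, t=3)
    # One share per holder; the holder names are constructed for the example.
    holders = dict(zip(["escrow authority G", "customer", "court", "vendor Vn", "spare"], shares))

    def pick(names):
        return {holders[h]: shares[holders[h]] for h in names}

    return {
        "lost_key_recovery": recover_key(pick(["escrow authority G", "customer", "spare"])) == customer_key,
        "court_ordered_recovery": recover_key(pick(["court", "escrow authority G", "vendor Vn"])) == customer_key,
        "two_shares_insufficient": recover_key(pick(["escrow authority G", "court"])) != customer_key,
        "share_count": len(shares),
    }


if __name__ == "__main__":
    print(demo())
```

Which holders are given shares and what t is are policy decisions; the arithmetic only guarantees that t shares suffice and t - 1 do not, so a court ordered recovery can be made to require the court's share plus the authority's without either being able to recover alone.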

PROCESS STEP 61. The process of or methods of claim 60 whereby the
process of public key cryptographing is done for authentication by
said cryptographic media player or said cryptographic set-top box
with its embedded said cryptographic digital signal processor (C-DSP)
means using prior art, public key cryptography algorithms which is
the process of using public key cryptography authentication,
encryption, and decryption using public keys (puk-n), and private
keys (prk-n), stored within tamper resistant non-volatile memory
(TNV-EEPROM) embedded within non-wiretapable ("black") cryptographic
computing units in the example of cryptographic digital signal
processors (C-DSP) means.

PROCESS STEP 62. The process of or methods of claim 60 whereby
the process of secret key cryptographing uses prior art, secret key
cryptography which is the process done by said cryptographic media
player or said cryptographic set-top box with its embedded said
cryptographic digital signal processor (C-DSP) means using secret
key cryptography which is the process of using secret key
cryptography with a non-wiretapable ("black") bus, cryptographic
computing unit in example of a cryptographic digital signal
processing (C-DSP) means using secret keys (sek-n), or session keys
(ssk-n), stored upon tamper resistant, non-volatile memory
(TNV-EEPROM), using the following sub-process:

cryptographing using fast hardware session key cryptography
which is the process done by a cryptographic digital signal
processor (C-DSP) means inside of a cryptographic set-top box using
hardware secret key cryptography which is the process of using a
dedicated hardware secret key sub-processor which is embedded
within a secure ("black"), cryptographic digital signal processing
(C-DSP) means with access to higher level tamper resistant
non-volatile (TNV-EEPROM) ("black") memory for cryptographic key
storage of private keys and secret keys, which hardware secret key
sub-processor is much faster than software for secret key
cryptography and is intended for fast, secret key cryptography
encryption and decryption of block transferred digital media.
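
The pass-thru encrypting means and the two transferring steps of claim 60 above (a header in front of the encrypted play code and play count, a pre-embedded look-up table of unique vendor secret keys indexed by vendor identification number, and C-DSP incremented sequence counts so that traffic recorded on the wiretapable bus cannot be replayed), together with the session key decryption of block transferred media in process step 62, can be shown end to end with both the smart card side and the set-top box side. The Python below is an added worked example, not code from this application or from any product. The cipher is an assumption of the example (a keystream drawn from HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, chosen because it needs only the standard library); the message layout, the vendor identification number, the keys and the media bytes are constructed sample values.

```python
"""Pass-thru encryption of play codes and play counts between a media ticket
smart card and a cryptographic set-top box. Added example, not code from the
application: the cipher (HMAC-SHA256 counter-mode keystream, encrypt-then-MAC),
message layout, keys, vendor ids and media bytes are all assumptions.
Bus layout: header (vendor id, sequence count, direction) || ciphertext || tag."""
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HIB")   # vendor id, sequence count, direction
BODY = struct.Struct(">16sI")    # play code (one-time session key), play count
TAG_LEN = 16
TO_PLAYER, TO_CARD = 0, 1
# Constructed stand-in for the pre-embedded look-up table indexed by vendor id.
VENDOR_KEY_TABLE = {7: hashlib.sha256(b"constructed vendor 7 secret key").digest()}

def _subkeys(vendor_key: bytes):
    """Separate encryption and MAC keys derived from one vendor secret key."""
    return (hmac.new(vendor_key, b"pass-thru enc", hashlib.sha256).digest(),
            hmac.new(vendor_key, b"pass-thru mac", hashlib.sha256).digest())

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream; a nonce must not repeat per key."""
    stream = b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(vendor_id, seq, direction, play_code, play_count) -> bytes:
    """Sender side (card or box): encrypt the body under the header, append the tag."""
    k_enc, k_mac = _subkeys(VENDOR_KEY_TABLE[vendor_id])
    header = HEADER.pack(vendor_id, seq, direction)
    ct = _xor(BODY.pack(play_code, play_count), k_enc, header)
    tag = hmac.new(k_mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag

def open_msg(msg: bytes, expected_direction: int):
    """Receiver side: verify the tag first, then decrypt; ValueError on tag/direction defects."""
    header, ct, tag = msg[:HEADER.size], msg[HEADER.size:-TAG_LEN], msg[-TAG_LEN:]
    vendor_id, seq, direction = HEADER.unpack(header)
    if vendor_id not in VENDOR_KEY_TABLE:
        raise ValueError("unknown vendor id")
    k_enc, k_mac = _subkeys(VENDOR_KEY_TABLE[vendor_id])
    expect = hmac.new(k_mac, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("tag mismatch: message altered on the red bus")
    if direction != expected_direction:
        raise ValueError("reflected message: wrong direction")
    play_code, play_count = BODY.unpack(_xor(ct, k_enc, header))
    return vendor_id, seq, play_code, play_count

def media_block_cipher(play_code: bytes, block_no: int, data: bytes) -> bytes:
    """Session key (play code) encryption/decryption of one transferred media block."""
    return _xor(data, play_code, struct.pack(">Q", block_no))

class CryptoDSP:
    """Set-top box side: sequence count replay check, keys held in 'TNV-EEPROM'."""
    def __init__(self):
        self.last_seq = {}   # vendor id -> highest sequence count accepted
        self.eeprom = {}     # vendor id -> (play code, remaining play count)

    def receive_from_card(self, msg: bytes):
        vendor_id, seq, play_code, play_count = open_msg(msg, TO_PLAYER)
        if seq <= self.last_seq.get(vendor_id, 0):
            raise ValueError("replayed message: sequence count did not increase")
        self.last_seq[vendor_id] = seq
        self.eeprom[vendor_id] = (play_code, play_count)
        return play_code, play_count

    def play_block(self, vendor_id: int, block_no: int, enc_block: bytes) -> bytes:
        """Decrypt one media block and account for one play; refuse once spent."""
        play_code, play_count = self.eeprom[vendor_id]
        if play_count <= 0:
            raise ValueError("play count exhausted")
        self.eeprom[vendor_id] = (play_code, play_count - 1)
        return media_block_cipher(play_code, block_no, enc_block)

    def return_to_card(self, vendor_id: int) -> bytes:
        """Write the remaining play count back with an incremented sequence count."""
        play_code, play_count = self.eeprom[vendor_id]
        self.last_seq[vendor_id] += 1
        return seal(vendor_id, self.last_seq[vendor_id], TO_CARD, play_code, play_count)

def demo() -> dict:
    """Constructed exchange: deposit, one play, replay and tamper attempts, write-back."""
    play_code = hashlib.sha256(b"constructed one-time session key").digest()[:16]
    media = b"constructed media block for vendor 7"
    enc_block = media_block_cipher(play_code, 0, media)   # done by vendor Vn
    dsp, result = CryptoDSP(), {}
    card_msg = seal(7, 1, TO_PLAYER, play_code, 3)         # card -> box, 3 paid plays
    result["deposited"] = dsp.receive_from_card(card_msg) == (play_code, 3)
    result["played"] = dsp.play_block(7, 0, enc_block) == media
    i = HEADER.size + 2                                    # a ciphertext byte to flip
    for name, msg in (("replay", card_msg),
                      ("tamper", card_msg[:i] + bytes([card_msg[i] ^ 1]) + card_msg[i + 1:])):
        try:
            dsp.receive_from_card(msg)
            result[name + "_rejected"] = False
        except ValueError:
            result[name + "_rejected"] = True
    _, seq, code, count = open_msg(dsp.return_to_card(7), TO_CARD)   # box -> card
    result["returned"] = (seq, code == play_code, count)
    return result
```

Two details carry the security argument: the tag is checked before anything is decrypted or acted upon, and the sequence count is part of the authenticated header, so an attacker on the red bus can neither alter it nor re-present an old message. The card side would apply the same rule in the return direction, rejecting any write-back whose sequence count is not above the one it last sent.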

PROCESS STEP 63. A specific method of or process for running public key
cryptography over an open systems architecture in a totally
cryptographically secure manner meant for safeguarding multi-million
dollar digital masters for the process of commercial movie distribution
involving fully digital micro-mirror modules (MMM) which open systems
architecture includes existing prior art components to give new art
systems processes of:

providing of process step 63 uses the component of prior art, a
tamper-resistant non-volatile electrically erasable programmable
read-only memory (TNV-EEPROM) which can be in an external dedicated
chip and also in an on-chip micro-controller design, which is used to
hold embedded, brief in length, cryptographic computer programs,
cryptographic system keys with first example cryptographic keys being
family keys or shared secret keys, second example cryptographic keys
being cryptographic private keys, third example cryptographic keys
being secret keys, fourth example cryptographic keys being session
keys, and fifth example cryptographic keys being cryptographic public
keys,

providing of process step 63 uses the component of prior art, an
electrically erasable programmable read-only memory (EEPROM) which
can come in a larger dedicated chip and also in an on-chip
micro-controller design, used to hold non-secure computer programs
(firmware) which are usually stored on separate and dedicated EEPROM
memory chips which are connected to the digital computer processor
through an input-output (I/O) bus with an on-processor instruction
cache usually made of two layers: a L1 cache of faster, static RAM,
and a L2 cache of very fast, associative memory or on-chip banked
registers used to locally hold pages of operational codes (op codes)
for fast execution,

providing of process step 63 uses the component of prior art, a
static random access memory (SRAM) which can come in a larger
dedicated chip and also in an on-chip micro-controller design with an
on-chip input-output (I/O) bus with SRAM preferred over DRAM on-chip
for faster speed and no need of a memory refresh cycle at the cost of
one-fourth less bit density, for faster temporary storage of dynamic
data which is usually in the form of separate and dedicated SRAM
memory chips which are connected to the digital computer processor
through an input-output (I/O) bus with an on-processor data cache of
one or more levels (L1 cache being SRAM and L2 cache being
associative memory or registers) used to locally hold pages of
dynamic computer data for fast data cache access,

providing of process step 63 uses the component of prior art, a
dynamic random access memory (DRAM) which can come in a larger
dedicated chip and also in an on-chip micro-controller design using
an on-chip input-output (I/O) bus with on-chip SRAM preferred over
DRAM in micro-controllers for faster speed and no memory refresh
cycle, with the latest example of fast DRAM being double-data rate,
synchronous, dynamic random access memory (DDR SDRAM) which can hold
either operational codes (for non-firmware based computer programs)
or dynamic data (especially large arrays and large chunks of data
such as video 'frame buffers'), with the DRAM being an acknowledged
bottle-neck on the central processor unit (CPU) bus with another
greater bottle-neck being the transfer of digital data over the
peripheral device or input-output (I/O) bus and its much slower often
electro-mechanical input-output (I/O) devices,

providing of process step 63 uses the component of prior art, a
low-cost, low-throughput, cryptographic embedded micro-controller
(c-uCtlr) with scalar control operations, slow fixed-point arithmetic
processing, and very slow, floating point interpreter based floating
point processing (lacking a hardware floating point unit (FPU)), as
used in a prior art, 8-bit, single chip solution, micro-controller
based, smart card as widely used in Europe for over twenty years with
universal success overcoming all forms of human abuse and adverse
weather conditions, with said tamper resistant non-volatile memory,
random access memory (TNV-EEPROM), holding both cryptographic keys
and very limited amounts of embedded secure cryptographic algorithm
firmware for the entirely on-chip execution of cryptographic
algorithms (secret key encryption-decryption, public key
encryption-decryption, message digest ciphers (MDC's), message
authentication ciphers (MAC's)), furthermore, possessing an on-chip
input-output (I/O) bus in a micro-controller architecture with
on-chip limited, static random access memory (SRAM) for fast dynamic
data storage, and on-chip limited electrically erasable programmable
read only memory (EEPROM) for computer firmware program storage,
furthermore, possessing a wiretapable ('red') smart card serial data
bus to the external world which is used for initial unique customer
access code communications from a digital computer into the smart
card to activate it, and then is subsequently used for reverse
direction communications of internal smart card secure memory values
representing cash to debit and also accounting access counts used in
pass-thru encryption to transfer encrypted ('cipher-text') data from
the cryptographic micro-processor (c-uP) inside the smart card to a
smart card reader and pass-by processing proceeding to a digital
computer which must do pass-thru decryption and pass-thru encryption
for the return closed feed-back response communications, exchange of
possibly debited monetary values or incremented access counts needing
secure storage in the smart card,

providing of process step 63 uses the component of prior art, the
smart card used for media ticket applications containing tamper
resistant, non-volatile memory (TNV-EEPROM) for key storage as part
of cryptographic embedded micro-processors (c-uP's),

providing of process step 63 uses the component of prior art,
serial data computer communications interfaces such as a personal
computer (PC) based, serial bus connected (e.g. Universal Serial Bus
or USB bus, and the faster and longer distance but more expensive,
IEEE 1394 serial bus ('Fire wire bus')), used to connect a personal
computer (PC) to a digitized human fingerprint reader and for other
computer peripheral purposes,

providing of process step 63 uses the component of prior art, a
smart card reader means involving several invention processes which
simply reads the customer inserted smart card's pass-thru encrypted
data and passes it over wiretapable ('red') buses to the digital
computer, furthermore, a first example form of smart card reader
means has physical metallic contacts with a power pin used to
recharge any smart card internal battery from an additional AC power
line going into the smart card reader and suitable voltage conversion
and regulation electronics, furthermore, a second example smart card
reader means is a popular class of prior art, smart cards which have
an optical interface which lacks any form of smart card battery
recharging capability but has improved durability, a third example
smart card reader is a prior art, integrated smart card reader with
bio-ID digitized fingerprint reader, furthermore, the smart card
reader is a dumb and inexpensive computer serial data bus device with
a first example serial communications interface being a prior art,
serial data bus given as a universal serial bus (USB) providing
maximum 3.0 Mega bits/second data transfer over a maximum 3.5 feet
distance, which has no local area networking (LAN) interfaces which
must be provided by the attached digital computer, a second example
serial communications interface being a prior art, IEEE 1394 ('Fire
wire') serial data bus which transfers a maximum of 10.0 Mega
bits/second at a distance of up to a maximum of 10.0 feet,

providing of process step 63 uses the component of prior art,
biological-identification (bio-ID) reader means which attach to
personal computers (PC's) using a low-cost serial data bus such as a
universal serial data bus (USB bus) with a first example bio-ID
reader means being a smart card reader with piggybacked, integrated,
digitized fingerprint, bio-identification (bio-ID) reader for very
customer convenient use, with an example customer use of a low
security and unattended by a 'warm-blooded' authorized gate-keeper,
bio-ID means of 'warm-blooded' index finger insertion into a
digitized fingerprint reader and smart card insertion at the same
time, a second example bio-ID reader means is a prior art, smart card
reader with external AC power supply and power conversion and
regulation transformers along with a piggy-backed 'warm-blooded' iris
scan reader digital video camera electronics which said iris scan
reader is attached by IEEE 1394 ('Fire wire') digital cable to a
digital video camera,

providing of process step 63 uses the component of prior art, an
internet protocol (IP), wide area network (IP WAN),

providing of process step 63 uses the component of prior art, a
world wide web server (WWW) or web or graphics rich portion of the
Internet web server computer,

providing of process step 63 uses the component of prior art, a
personal computer (PC), which is non-cryptographically secure,

providing of process step 63 uses the component of prior art, a
personal computer (PC) web client,

providing of process step 63 uses the component of prior art, a 

personal computer (PC) peripherals, 

providing of process step 63 uses the component of prior art,
data entry devices of an on-board protected electronic device, toggle
field with a prior art liquid crystal display (LCD) for entry of the
unique customer passphrase with closely corresponding passcode entry,

providing of process step 63 uses the component of prior art, a
data entry device of computer keyboards used for unique customer
password, and passphrase-passcode entry with wiretapable ('red bus')
computer keyboard buses vulnerable to the known prior art hacker
tools of both software and hardware based keyboard capture buffers,

providing of process step 63 uses the component of prior art, a
banked-EEPROM card reader-writer, connected by a prior art serial bus
with first example serial bus being the Universal Serial Bus (R)
(USB bus) connected banked non-volatile memory chip card
reader-writer serial bus interface unit to an electronic device, with
first example banked non-volatile memory chip card unit which inserts
into the reader being a banked, electrically erasable programmable
read only memory (banked-EEPROM) card unit (e.g. SanDisk (R) card,
or SD (R) card), and second example banked nonvolatile memory chip
card unit being a single, large chip tamper-resistant non-volatile
electrically erasable programmable read-only memory (TNV-EEPROM)
(e.g. Memory Stick (R) chip),

providing of process step 63 uses the component of prior art, a
personal computer's (PC's) peripheral data storage devices such as
hard disk drives (HDD's), compact disk (CD) record once (CD-R (R))
drives, compact disk read-write (CD-RW (R)) drives which all offer
'backwards compatible' CD media which can be used in read-only modes
compatible with older, existing read-only CD drives (CD), also
writable digital versatile disk (DVD) drives (e.g. DVD+RW (R),
DVD-RW (R), DVD-RAM (R)) which all offer 'backwards compatible' media
which can be used in read-only modes compatible with older, existing
read-only DVD drives (DVD-ROM),

providing of process step 63 uses the component of prior art, a
personal computer's (PC's) based peripheral data storage media units
(e.g. back-up devices, video devices, fast floppy drives (e.g. Iomega
(R) Zip (R) drives), removable hard disk drives (removable HDD)
(e.g. Iomega Jazz (R) drives)),

providing of process step 63 uses the component of prior art, a
cryptographic digital signal processor (C-DSP) means designed for
low-cost, very fast digital processing of fixed-point number array or
arrays of fixed radix numbers having limited necessary precision
typically less than 32-bits arranged in matrix arrays (32-bit
integers with an assumed radix point which cannot move with a default
assumed decimal point which cannot move) as popularly used in the
Texas Instruments (TI) TMS-320 DSP and also the AT&T DSP-1, with
major DSP features being an accumulator based design with arithmetic
operation overflow handling, no-overflow registers, pipelined design
to DRAM connected over a central processor unit bus, constants for an
(i)th round held as register variables for quick update for the (i +
1)th round, and programming-time, programmable firmware libraries
supporting flexible digital signal processing for different
applications, furthermore, giving fast scalar control processing
without a need for floating point operation re-normalization based
upon exponents, with a floating point interpreter for limited
floating point operations involving floating point number formats
with exponents, furthermore, also having additional silicon compiler
designed components of embedded tamper resistant non-volatile
electrically erasable programmable read only memory (TNV-EEPROM) with
a first example cryptographic digital signal processor (C-DSP) means
being a standard DSP combined with the silicon compiler functions of
the prior art, US National Institute of Standards and Technology
(NIST's) Clipper chip, which is the Skipjack secret key algorithm
implemented in a silicon compiler along with tamper resistant
non-volatile memory (TNV-EEPROM), sub-circuit, single integrated
circuit ('single chip IC solution') design giving stream cipher and
block cipher encryption and decryption functions (additionally used
in the prior art, Capstone program using a plug-in PC card (R) format
once called PCMCIA having an embedded Clipper ASIC chip comparable to
a prior art smart card program), which programs and standards were
both based upon the dedicated, custom designed ASIC, hardware
integrated circuit (IC) implementation of the National Security
Agency (NSA) developed, classified Clipper chip implementing the
Skipjack secret key algorithm with on-chip tamper resistant
non-volatile memory (TNV-EEPROM), second example cryptographic
digital signal processor (C-DSP) means being standard digital signal
processing (DSP) functions combined with silicon compiler functions
implementing the Chandra patent (US Patent Number 4,817,140 issued on
March 28, 1989 and assigned to IBM Corporation), and third example
cryptographic digital signal processor (C-DSP) means being numerous
other US Patents and also public art, non-patented technical
literature,

providing of process step 63 uses the component of prior art, a
cryptographic digital signal processor (C-DSP) means intended for
very fast processing of large fixed-point arrays of fixed-point or
fixed radix numbers as shown in the prior art, Texas Instruments (TI)
TMS-320 DSP and also the AT&T DSP-1, additionally containing a
cryptographic hardware secret key algorithm sub-processor, tamper
resistant non-volatile electrically erasable programmable read only
memory (TNV-EEPROM), random access memory (RAM), analog to digital
signal converters (ADC), Moving Picture Experts Group standard X
(MPEG X) hardware decompression only circuitry for digital
audio/video, digital audio/video signal artificial degradation
circuitry, digital to analog signal converters, and digital signal
processing of digital audio/video signals circuitry,

providing of process step 63 uses the component of new art,
cryptographic digital signal processor (C-DSP) means designed for
low-cost, very fast, digital processing of fixed-point number arrays
as shown in the prior art, popularly used, Texas Instruments TMS-320
DSP and also the AT&T DSP-1, furthermore, having additional silicon
compiler designed components adding embedded tamper resistant
non-volatile electrically erasable programmable read only memory
(TNV-EEPROM) for secure cryptographic key storage, along with both
tamper resistance to pin-probers, and cryptographically protected
on-chip, firmware implemented new art, byte-oriented, secret key
algorithm based secret key encryption and decryption for both stream
oriented and block oriented encryption and decryption processes, with
on-chip hardware and firmware library support for both secret key and
public key algorithms such as an electronic true random number
generator, an on-chip hardware floating point unit (FPU) for
processing large blocks of secret key encrypted and decrypted data
using newer (year 2003 and later) firmware based, byte oriented,
secret key algorithms such as the Advanced Encryption Standard (AES),
an extremely large integer to an extremely large integer
exponentiation unit using the binary square and multiply method
commonly used in public key cryptography, with additional on-chip
silicon compiler designed hardware support for digital decompression
(read-only) algorithms, with additional on-chip silicon compiler
support for digital compression algorithms, with additional on-chip
silicon compiler support for forward error detection and correction
coding (e.g. Reed-Solomon or RS coding) done in the encoding process
sequential order of digitally compress, error correct, and encrypt,
with decoding done in the exact opposite sequential process order,
with a first example C-DSP means being discussed broadly in the
present inventor's present patent's technical material which is not
subject to this present over-all system's or methods patent
application which uses such a device as a provided hardware
component,

providing of process step 63 uses the component of a new art, 
programmable gate array logic (GAL) form of high density, application 
specific integrated circuit (ASIC) with embedded cryptographic 
digital signal processor (C-DSP) means functions as mentioned in the 
paragraph just above, 
providing of process step 63 uses the component of new art, a
cryptographic digital signal processor (C-DSP) means designed for
very fast execution of fixed-point number arrays such as the popular
Texas Instruments TMS-320 and also the AT&T DSP-1, furthermore,
having additional silicon compiler based embedded, prior art,
cryptographic hardware secret key algorithm sub-processors based upon
prior art, standardized, secret key algorithms with an example
algorithm being given as IBM's patented Data Encryption Standard
(DES), with on-chip firmware support, an on-chip hardware floating
point unit (FPU) for processing large blocks of secret key encrypted
and decrypted data using newer (year 2003 and later) firmware based,
byte oriented, secret key algorithms such as the Advanced Encryption
Standard (AES), an extremely large integer to an extremely large
integer exponentiation unit using the binary square and multiply
method commonly used in public key cryptography, with additional
on-chip silicon compiler designed hardware support for digital
decompression (read-only) algorithms, with additional on-chip silicon
compiler support for digital compression algorithms, with additional
on-chip silicon compiler support for forward error detection and
correction coding (e.g. Reed-Solomon or RS coding) done in the
encoding process sequential order of digitally compress, error
correct, and encrypt, with decoding done in the exact opposite
sequential process order, which in turn are silicon compiler design
embedded hardware sub-units inside of said prior art, cryptographic
digital signal processors (C-DSP's),
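The binary square and multiply method named for the large-integer exponentiation unit in the two C-DSP paragraphs above, as an added worked example in Python; this is not code from this application or from any named chip. The toy RSA modulus and exponents (p = 61, q = 53, e = 17, d = 2753) are assumed textbook values, far too small for real use, chosen so the arithmetic can be checked by hand.

```python
"""Binary square-and-multiply modular exponentiation, the operation a
public-key exponentiation unit performs, plus the ladder form a
tamper-resistant chip should prefer.  Added example, not code from the
patent application.  Toy RSA parameters are assumed textbook values."""


def square_and_multiply(base: int, exponent: int, modulus: int) -> int:
    """Left-to-right binary exponentiation: one squaring per exponent bit
    and one extra multiply for each bit that is set.  Simple, but the
    multiply-or-not branch leaks the exponent bits to timing and power
    measurement."""
    if modulus == 1:
        return 0
    result = 1
    base %= modulus
    for bit in bin(exponent)[2:]:                # scan exponent MSB -> LSB
        result = (result * result) % modulus     # always square
        if bit == "1":
            result = (result * base) % modulus   # multiply only on a 1 bit
    return result


def montgomery_ladder(base: int, exponent: int, modulus: int) -> int:
    """Same result, but every exponent bit performs exactly one squaring
    and one multiplication, so the operation sequence no longer depends
    on the key bits.  Use this shape (or exponent blinding) for private
    exponents held in tamper-resistant memory."""
    if modulus == 1:
        return 0
    r0, r1 = 1, base % modulus
    for bit in bin(exponent)[2:]:
        if bit == "0":
            r1 = (r0 * r1) % modulus
            r0 = (r0 * r0) % modulus
        else:
            r0 = (r0 * r1) % modulus
            r1 = (r1 * r1) % modulus
    return r0


# Assumed toy RSA key pair: n = 61 * 53 = 3233, e = 17,
# d = e^-1 mod lcm(60, 52) = 2753.  Illustration only.
TOY_N, TOY_E, TOY_D = 3233, 17, 2753


def rsa_wrap_session_key(session_key: int) -> int:
    """Public-key encryption of a small session key: c = m^e mod n."""
    if not 0 <= session_key < TOY_N:
        raise ValueError("session key must be smaller than the modulus")
    return square_and_multiply(session_key, TOY_E, TOY_N)


def rsa_unwrap_session_key(ciphertext: int) -> int:
    """Private-key decryption m = c^d mod n, using the ladder because d
    is the secret the chip must protect."""
    return montgomery_ladder(ciphertext, TOY_D, TOY_N)


if __name__ == "__main__":
    m = 65
    c = rsa_wrap_session_key(m)
    print("wrapped:", c, "unwrapped:", rsa_unwrap_session_key(c))
```

The plain square-and-multiply branch on each exponent bit is exactly what a pin-prober or power-analysis probe on the chip would watch; the ladder performs the same two operations on every bit, which is why an exponentiation unit in tamper-resistant silicon should use it (or blinding) for the private exponent.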



providing of process step 63 uses the component of prior art, a
cryptographic micro-processor (C-uP) or a central processing unit
(CPU) such as an Intel Pentium (R) CPU with a control unit, and also
with an integrated fast, hardware, floating point unit (FPU),
integrated memory management unit (MMU), integrated instruction and
data cache unit, integrated bus interface unit (BIU), and additional
proposed subset functionality of a C-DSP means including integrated
tamper resistant non-volatile electrically erasable programmable read
only memory (TNV-EEPROM), all on a single chip, which has impedance
monitored intermetallic deposition layers protecting the entire chip
from illegal pin probers used by hackers targeting the on-chip
architecture including the protected ('black') on-chip buses, and
also for protecting the entire chip from wiretapping pin probers used
to illegally read cryptographic keys stored on the said on-chip
embedded, tamper resistant non-volatile electrically erasable
programmable read only memory (TNV-EEPROM), with the main anti-tamper
means being the automatic on-chip erasure of cryptographic memory
(TNV-EEPROM) holding all cryptographic keys upon the fully automatic
detection of any signs of chip tampering,

providing of process step 63 uses the component of new art, a
cryptographic computing based unit (C-CPU) also having a subset of
cryptographic digital signal processing (C-DSP) means, having much
more on-chip, hardware, floating point (FPU) throughput capacity than
the C-DSP chip and a more powerful memory management unit (MMU)
capability, while having subset security functionality as the
cryptographic digital signal processor unit (C-DSP) means, being
on-chip tamper resistant non-volatile electrically erasable
programmable read-only memory (TNV-EEPROM) or cryptographic memory for
both cryptographic key storage and cryptographic algorithm firmware
storage, automatic on-chip impedance monitoring of a whole chip
inter-metallic layer with automatic erasure of cryptographic memory
upon tamper detection, silicon compiler library designed on-chip
functions with automatic placement and routing, on-chip support for
read-only commercial players using an embedded C-CPU of a tamper
protected, error detection or correction unit (e.g. Reed-Solomon
unit), on-chip support for read-only commercial players using an
embedded C-CPU of a tamper protected ('black unit'), embedded, secret
key decryption sub-unit which supports both dedicated hardware and
dedicated firmware secret key decryption of play-back mode only,
uniquely secret key encrypted, commercial media, on-chip tamper
protected, digital de-compression only support in play-back only mode
for standard form digital media (e.g. MP3 being discrete cosine
transform (DCT) based, MPEG X being discrete cosine transform (DCT)
based, fast wavelet transform (FWT) audio-video being convolutional
coding based, JPEG being discrete cosine transform (DCT) based, JPEG
2000 being fast wavelet transform (FWT) or convolutional coding
based, Fraunhofer Institute of Germany's fast wavelet transform (FWT)
audio (R) convolutional coding, AAC (R) brand convolutional coding)
widely used in commercial media players, with more general
bi-directional use in crypto-cell phones and crypto-hand-held
computers for similar on-chip support respecting the relevant process
sequential order, being digitally compress media, encrypt media, then
add error detection bits, which must be undone in the exact reverse
sequential order, for the hardware and firmware based encryption and
decryption of digital media data, but, without current on-chip
support for encrypted operation codes (c-op codes) usable in the
future for cryptographic computer programs and cryptographic
multi-media programs, with a first example C-CPU means being
discussed in the present inventor's present invention,
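The layered encode and decode order this paragraph fixes for the C-CPU (digitally compress, encrypt, add error-control bits, and undo the three layers in exactly the reverse order), as an added worked example in Python; it is not code from this application. zlib stands in for the media codec, an HMAC-SHA256 counter keystream stands in for the on-chip AES unit, and a Hamming(7,4) single-error-correcting code stands in for the Reed-Solomon unit; all three substitutions, and the constructed sample frame, are assumptions of the example. The first C-DSP paragraph above lists the stages as compress, error correct, encrypt; the example follows the order given here, which keeps the channel code outside the cipher so that bus or media bit errors are corrected before decryption rather than being spread by it.

```python
"""compress -> encrypt -> add error-control bits, undone in reverse.
Added example, not code from the patent application.  zlib, an
HMAC-SHA256 keystream and Hamming(7,4) are stand-ins for the media
codec, the AES unit and the Reed-Solomon unit named in the text."""
import hashlib
import hmac
import zlib


# ---- error-control layer: Hamming(7,4), one 7-bit codeword per nibble ----
def _hamming_encode_nibble(d: int) -> int:
    """Codeword bit layout, MSB first: p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = (d >> 3) & 1, (d >> 2) & 1, (d >> 1) & 1, d & 1
    p1 = d1 ^ d2 ^ d4            # covers positions 1,3,5,7
    p2 = d1 ^ d3 ^ d4            # covers positions 2,3,6,7
    p3 = d2 ^ d3 ^ d4            # covers positions 4,5,6,7
    out = 0
    for b in (p1, p2, d1, p3, d2, d3, d4):
        out = (out << 1) | b
    return out


def _hamming_decode_word(w: int) -> int:
    """Correct up to one flipped bit in a 7-bit codeword; return the nibble."""
    bits = [(w >> (6 - i)) & 1 for i in range(7)]       # positions 1..7
    s1 = bits[0] ^ bits[2] ^ bits[4] ^ bits[6]
    s2 = bits[1] ^ bits[2] ^ bits[5] ^ bits[6]
    s3 = bits[3] ^ bits[4] ^ bits[5] ^ bits[6]
    pos = s1 | (s2 << 1) | (s3 << 2)                     # 0 means no error
    if pos:
        bits[pos - 1] ^= 1                               # flip the bad bit
    return (bits[2] << 3) | (bits[4] << 2) | (bits[5] << 1) | bits[6]


def fec_encode(data: bytes) -> bytes:
    """Two codewords per input byte, each stored in its own byte (MSB unused)."""
    out = bytearray()
    for byte in data:
        out.append(_hamming_encode_nibble(byte >> 4))
        out.append(_hamming_encode_nibble(byte & 0x0F))
    return bytes(out)


def fec_decode(coded: bytes) -> bytes:
    if len(coded) % 2:
        raise ValueError("truncated FEC stream")
    return bytes(
        (_hamming_decode_word(coded[i]) << 4) | _hamming_decode_word(coded[i + 1])
        for i in range(0, len(coded), 2)
    )


# ---- secret-key layer: counter-mode keystream (stand-in for AES) ----------
def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks; the same
    call decrypts.  Never reuse a (key, nonce) pair for two messages."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (block // 32).to_bytes(4, "big"),
                       hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[block:block + 32], pad))
    return bytes(out)


# ---- the pipeline ---------------------------------------------------------
def encode_media(plain: bytes, key: bytes, nonce: bytes) -> bytes:
    compressed = zlib.compress(plain)                   # 1. digitally compress
    encrypted = keystream_xor(key, nonce, compressed)   # 2. encrypt
    return fec_encode(encrypted)                        # 3. add error-control bits


def decode_media(coded: bytes, key: bytes, nonce: bytes) -> bytes:
    encrypted = fec_decode(coded)                       # 3'. correct channel errors
    compressed = keystream_xor(key, nonce, encrypted)   # 2'. decrypt
    return zlib.decompress(compressed)                  # 1'. decompress


def flip_one_bit_per_word(coded: bytes) -> bytes:
    """Simulate a noisy bus or disc: flip a different bit in every codeword."""
    return bytes(b ^ (1 << (i % 7)) for i, b in enumerate(coded))


SAMPLE = b"constructed sample media frame " * 40       # constructed input


if __name__ == "__main__":
    key, nonce = b"\x11" * 32, b"\x00" * 8
    noisy = flip_one_bit_per_word(encode_media(SAMPLE, key, nonce))
    print("recovered after channel errors:", decode_media(noisy, key, nonce) == SAMPLE)
```

Hamming(7,4) corrects one bit per codeword and nothing more; a real player would use the Reed-Solomon unit the text names for burst errors. The keystream stand-in gives confidentiality only; a production design adds a MAC over the ciphertext so that a corrected-but-forged stream is rejected before decompression.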

providing of process step 63 uses the component of new art, a
non-cryptographic media player (MP) based upon prior art,
non-cryptographic digital signal processor (DSP) means with starting
functionality of the popular Texas Instruments TMS-320 DSP,
constructed with serial bus connections to customer insertable and
removable prior art, smart card reader-writer unit interfaces, and a
read-only drive unit for standard physical format, digital media,
which is very similar in computer architecture to prior art,
electronic-book readers which have a built-in, very small, liquid
crystal display (LCD), and are similar in physical form to
non-cryptographic compact disk players,

providing of process step 63 uses the component of new art, a
cryptographic media player (c-MP) constructed with said, prior art,
cryptographic digital signal processor (C-DSP) means having serial
bus connections to customer insertable and removable prior art, smart
card reader-writer unit interfaces, and also having a read-only drive
unit for standard media with first example, read-only, media means
being compact disk record once (CD-R), second example read-only media
means being compact disk read-write (CD-RW), third example read-only
media means being banked non-volatile memory card (banked EEPROM),
and fourth example read-only media means being digital versatile disk
record once (DVD-R),

providing of process step 63 uses the component of new art, a
cryptographic personal computer (c-PC) which is created by using new
art, said cryptographic digital signal processor (C-DSP) means based
plug-in, peripheral or contention bus or input-output bus (I/O bus)
cards for prior art, personal computers (PC's), with the peripheral
bus giving an interface to the motherboard's said cryptographic
central processing unit (C-CPU) which in turn has a Universal Serial
Bus (USB) interface to a USB based smart card reader,

providing of process step 63 uses the component of new art, a
cryptographic personal computer (c-PC) having a subset functionality
of C-DSP means, which is created by using a prior art, standard
off-the-shelf personal computer (PC) design with a cryptographic
central processing unit (C-CPU) with the goal of creating an internal
secure bus hardware or 'black bus' computer architecture system also
having insecure hardware bus or 'red bus' or open wiretapable buses,
which furthermore requires a new art, cryptographic operating system
(C-OS),

providing of process step 63 uses the component of new art, a
cryptographic media player (c-MP) for playing back custom secret key
encrypted, compressed digital audio-video in standard format with
first example compressed digital audio-video being given as prior
art, Moving Picture Experts Group standard X (MPEG X) and second
example compressed digital audio-video being given as prior art, fast
wavelet audio-video digital compression also called convolutional
coding, furthermore, said player contains embedded, cryptographic
computing units (C-CPU's) with serial bus interfaces to built-in,
prior art, smart card reader units, and also having built-in, prior
art, input/output (I/O) peripheral bus connected, computer industry
standard, peripheral data storage drives with first example drive
being a compact disk read only (CD) drive which reads compact disk
record once format (CD-R),

providing of process step 63 uses the component of new art, a
universal cryptographic set-top box form of media players (c-MP's)
for playing back custom secret key encrypted, high definition
television (HDTV) broadcasts and standard definition television
(SDTV) broadcasts, as well as for playing custom secret key
encrypted, cable channel programming, as well as for playing custom
secret key encrypted satellite television programming, which are
based upon a more powerful, cryptographic media player computer
architecture (c-MP),

providing of process step 63 uses the component of new art, a
cryptographic micro-mirror module (c-MMM) commercial theater
projection and theater sound units which are special cryptographic
media players which use prior art, more than one drive, digital
versatile disk read only (DVD) drive units which also read digital
versatile disk record (DVD-X) formats, furthermore, the DVD-X disks
contain custom encrypted compressed digital media which can be
decrypted only with a corresponding, unique, smart card programmed in
a prior art, standard, personal computer (PC) over the wiretapable
('red bus') Internet as a special media ticket smart card using the
methods of the present inventor's patent,

providing of process step 63 uses the component of prior art, a
modified secure operating system (secure-OS) for world wide web (WWW)
server computers which will custom customer session key encrypt a
vendor secret key encrypted digital master, and electronically
distribute custom, encrypted digital media masters, using firewalls,
using anti-viral software updated weekly, using network protocol
converters, using standard layered security methods, and using 'inner
sanctum' protection for vendor session key or one-time secret key
encrypted digital media masters,

providing of process step 63 uses the component of prior art, a
world wide web (WWW) transmission control protocol-internet protocol
(TCP-IP) command protocol stack program for Internet connectivity,

providing of process step 63 uses the component of prior art, a
plurality of standard cryptographic mathematics algorithms,

providing of process step 63 uses the component of prior art, a 
plurality of public key cryptography algorithms which create public 
keys and private keys, 

providing of process step 63 uses the component of prior art, a
plurality of secret key cryptography algorithms which create secret
keys and session keys (1-time secret keys) and also play counts or
access counts or media decryption counts and play codes (session keys
or 1-time secret keys),
providing of process step 63 uses the component of prior art, a
plurality of hybrid key cryptography algorithms which combine public
key and secret key cryptography algorithms (prior art), the public
key algorithm protecting a secret session key which then encrypts the
bulk data,

providing of process step 63 uses the component of prior art, a
plurality of private key and secret key splitting algorithms,

providing of process step 63 uses the component of prior art, a 
plurality of private key and secret key escrow techniques, 

providing of process step 63 uses the component of prior art, a
plurality of algorithms used to generate cryptographic keys which
are the collective public keys, private keys, secret keys, session
keys (1-time use only secret keys), play counts, play codes,
passphrases, and passcodes,

providing of process step 63 uses the component of prior art, a
plurality of computer cryptography protocols,

providing of process step 63 uses the component of prior art, a
plurality of pass-thru encryption algorithms for transmitting secure
data over wiretapable computer buses ('red buses'),

providing of process step 63 uses the component of prior art,
standardized form, a plurality of lossy compressed digital media
algorithms with first example algorithm being given as MPEG X (R)
based upon a SVGA (R) video format and also newer UXGA (R) higher
resolution video formats, second example algorithm being given as MP3
(R) based upon pulse code modulated (PCM) audio sound only, third
example algorithm being given as JPEG X (R) for still color
photography only with JPEG being discrete cosine transform (DCT)
based and JPEG 2000 being fast wavelet transform (FWT) compression
based, fourth example algorithm being given as fast wavelet transform
(FWT) audio-video, fifth example algorithm being given as proprietary
Advanced Audio Coding (R) (AAC (R)) using a FWT algorithm variant,
sixth example algorithm being given as Fraunhofer Institute of
Germany's, fast wavelet transform (FWT) audio (R), who are the
original international patentees for convolutional coding based lossy
digital compression,

providing of process step 63 uses the component of prior art, a
transmission control protocol/internet protocol (TCP/IP) for
Internet connectivity,

providing of process step 63 uses the component of prior art, a
secure internet protocol (secure IP, i.e. IPsec) layer of Internet
data encryption,

providing of process step 63 uses the component of prior art, a 
secure sockets layer (SSL) layer of Internet data encryption, 

providing of process step 63 uses the component of prior art, a
plurality of world wide web (WWW) server standard interchange file
languages with first example being hyper-text mark-up language
(HTML), second example being extensible mark-up language (XML), and
third example being generalized-text mark-up language (GTML),
providing of process step 63 uses the component of a plurality of
world wide web (WWW) client standard interchange file languages with
first example being hyper-text mark-up language (HTML),

generating of a set of common system keys which is the process done
by the media ticket smart card system authority's, party S's,
dedicated public key generation authority, party G, while having
absolutely no access to customer identifications,

generating of a unique per vendor, commonly distributed, set of
media distribution vendor cryptographic keys eventually used in
cryptographic digital signal processors (C-DSP's) for eventual
manufacturing into cryptographic micro-mirror modules which is the
process done by the media ticket smart card system authority's, party
S's, dedicated public key generation authority, party G, while having
absolutely no access to customer identifications,

generating of a unique media ticket smart card cryptographic key
set or unique set of customer cryptographic keys which is the process
done by the media ticket smart card system authority's, party S's,
dedicated public key generation authority, party G, while having
absolutely no access to customer identifications,

distributing of the cryptographic digital signal processors
(C-DSP's) which is the process done by the media ticket smart card
system authority's, party S's, dedicated public key distribution
authority, party D, distributing cryptographic digital signal
processors (C-DSP's) to media distribution vendors, parties Vn, for
manufacturing into cryptographic micro-mirror module players while
having absolutely no access to whole cryptographic keys,

distributing of media ticket smart cards which is the process done
by the media ticket smart card system authority's, party S's,
dedicated public key distribution authority, party D, distributing
media ticket smart cards to media distribution vendors for selling to
customers while having absolutely no access to whole cryptographic
keys,

escrowing of the split cryptographic keys which is the process done
by the central key generation authority, party G, safe-guarding the
split cryptographic customer keys, and split cryptographic vendor
keys in an entirely secure and confidential manner with legal first
means for simple customer identification and lost key recovery,
second means for disputed ownership court ordered recovery, and third
means for court ordered only use by law enforcement,
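One of the prior-art key splitting algorithms the component list above refers to, Shamir's (k, n) threshold scheme, applied to the escrow arrangement in this paragraph (shares held separately so that no single holder, including party G, has the whole key, while any k of them can recover it for the customer or under court order). This is an added worked example in Python and not code from this application, which names no particular splitting algorithm; the 521-bit Mersenne prime and the 2-of-3 policy are assumptions.

```python
"""Shamir threshold splitting of a key into escrow shares and recovery
from any k of them.  Added example, not code from the patent
application; the field prime and share policy are assumptions."""
import secrets

# 2^521 - 1 is prime, so keys up to 64 bytes fit as field elements.
PRIME = (1 << 521) - 1


def split_secret(secret: int, k: int, n: int, rand=secrets.randbelow):
    """Return n shares (x, f(x)) of a random degree-(k-1) polynomial whose
    constant term is the secret; any k shares reconstruct it, fewer
    reveal nothing.  `rand` is injectable only so tests are repeatable."""
    if not (1 <= k <= n < PRIME) or not (0 <= secret < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [rand(PRIME) for _ in range(k - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):           # Horner evaluation mod p
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(p).  With fewer than k
    distinct shares this returns some value, but not the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        # den^(p-2) is the modular inverse of den (Fermat), so no division
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def key_to_int(key: bytes) -> int:
    return int.from_bytes(key, "big")


def int_to_key(value: int, length: int) -> bytes:
    return value.to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    # Assumed 2-of-3 policy: customer, escrow authority G, court-held share.
    customer, authority, court = split_secret(key_to_int(key), 2, 3)
    print(int_to_key(recover_secret([customer, court]), 32) == key)
```

The escrow holders each keep one (x, y) pair; recovery of a lost key needs the customer's share plus one of the others, a court-ordered recovery needs the two non-customer shares, and no single share, or a share together with a mismatched one, yields the key.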

layering for a federated cryptography architecture which is the
process done by the media ticket smart card system authority, party
S, creating a federated architecture of cryptographic authority with
3 layers, a central layer composed of the media ticket smart card
system authority, a local layer composed of authorized media
distribution companies Vn, and a user layer composed of customers,

preparing of a unique play code and a unique play count which is
the process done by the authorized digital media distribution
company, party Vn, preparing said unique play code (a session key or
one-time secret key), and said unique play count (a paid for number
of plays or count of free trial plays), and custom encrypted digital
media for downloading to each customer,

downloading to customer, party A, which is the process done by the
authorized digital media distribution vendor, party Vn, using hybrid
key cryptographing steps of hybrid key cryptographic digital media
distribution from a central media distribution authority hosted on a
web server to multiple personal computer (PC) based web clients of
encrypted play codes (one-time secret keys or session keys) with
header and encrypted play counts (paid for counts of plays or
decryptions, or else counts of free trial plays) with header for
deposit into media ticket smart cards attached to personal computer
(PC) media ticket smart card readers, and one-way transfer of custom
session key encrypted digital media which is pre-unique vendor secret
key encrypted for deposit into physical digital media inserted into
media drives attached to personal computers (PC's),

delivering by foot which is the process done by the customer, party
A, of physically transferring both physical custom encrypted digital
media and the customer, party A's, programmed media ticket smart
cards from the customer, party A's, personal computer (PC) to any
person's cryptographic micro-mirror module with a built-in media
ticket smart card reader,



pass-thru encrypting means involving several processes and
components for transferring any type of digital data securely from
the media ticket smart card up to said cryptographic media player or
said cryptographic micro-mirror machine module (MMM) with its
embedded said cryptographic digital signal processor (C-DSP) means
with first example pass-thru encrypting means being common family key
or shared secret key encryption which is known to be vulnerable to a
single point of attack (one extracted key opens every card and
player), second example pass-thru encrypting means being a
pre-embedded, common look-up table of unique vendor public keys and
matching private keys with organizational means involving several
processes and components such as first organizational means being a
row, column table indexed by a vendor identification number, third
example pass-thru encrypting means being a pre-embedded common
look-up table of unique vendor secret keys with organizational means
involving several processes and components with first organizational
means being a row, column table indexed by a vendor identification
number,

pass-thru encrypting return means involving several processes and
components for transferring any digital data from said cryptographic
media player or said cryptographic micro-mirror machine module (MMM)
with its embedded said cryptographic digital signal processor (C-DSP)
means to the media ticket smart card with first example pass-thru
encrypting return means being common family key or shared secret key
encryption which is known to be vulnerable to a single point of
attack, second example pass-thru encrypting return means being a
pre-embedded, common look-up table of unique vendor public keys and
matching private keys with organizational means involving several
processes and components such as first organizational means being a
row, column table indexed by a vendor identification number, third
example pass-thru encrypting return means being a pre-embedded common
look-up table of unique vendor secret keys with organizational means
involving several processes and components with first organizational
means being a row, column table indexed by a vendor identification
number,

initializing before playing which is the process done by the
customer, party A, of preparing any party's cryptographic
micro-mirror machine module (MMM) with its embedded cryptographic
digital signal processor (C-DSP) means with his own custom encrypted
digital media movies and his own media ticket smart card,

authenticating by customer triangle authentication which is the 
process done by said cryptographic micro-mirror machine module (MMM) 
with its embedded said cryptographic digital signal processor (C-DSP) 
means, 

transferring of cryptographic keys to the cryptographic micro-mirror
machine module (MMM) or said cryptographic media player with its
embedded said cryptographic digital signal processor (C-DSP) means by
pass-thru encrypting means of cryptographic keys which is the process
done by the cryptographic micro-mirror module to receive encrypted
play codes with header and encrypted play counts with header from the
media ticket smart card, transferred over wiretapable computer buses
to the cryptographic micro-mirror module's own cryptographic memory
(TNV-EEPROM) for access by its cryptographic digital signal processor
(C-DSP) means,
transferring of cryptographic keys away from said cryptographic
media player or said cryptographic micro-mirror machine module (MMM)
with its embedded said cryptographic digital signal processor (C-DSP)
means by pass-thru encrypting return means of cryptographic keys
which is the process done by the cryptographic media player's
cryptographic micro-mirror module to transfer encrypted play codes
with header and encrypted play counts with header, both with
cryptographic digital signal processor (C-DSP) means incremented
sequence counts, to the media ticket smart card, transferred over
wiretapable computer buses,

authenticating using media triangle authentication which is the 
process of matching the unique digital media with its matching unique 
play code by the method done by said cryptographic media player or 
said cryptographic micro-mirror machine module (MMM) with its 
embedded said cryptographic digital signal processor (C-DSP) means 
using digital media triangle authentication to read test data with a 
successful decryption, 

cryptographing using hybrid key cryptography which is the process
done by said cryptographic media player or said cryptographic
micro-mirror machine module (MMM) with its embedded said
cryptographic digital signal processor (C-DSP) means using hybrid key
cryptography, which is the process of using public key cryptography
to authenticate remote parties, to make digital signatures that
authenticate digital media and establish media integrity with a
remote party, and to encrypt one-time secret keys known as session
keys (ssk-n), used for only one session, which said session keys are
sent to a remote party who decrypts them for storage in his own
tamper resistant, non-volatile memory embedded on his black,
cryptographic computing unit in the example of a cryptographic
digital signal processor (C-DSP) means and a cryptographic central
processing unit (C-CPU), which said session keys may be later stored
in tamper resistant non-volatile memory (TNV-EEPROM) embedded in a
media ticket smart card where they are referred to as play codes with
paid for and authorized play counts,

accounting by said cryptographic media player or said cryptographic
micro-mirror machine module (MMM) with its embedded said
cryptographic digital signal processor (C-DSP) means which is the
process done by the cryptographic micro-mirror module using hybrid
key cryptography digital media playing of one-way transfer of custom
session key encrypted digital media owned by party n in a controlled
access manner mostly for financial accounting purposes which uses the
play codes (session key or one-time secret key) and play counts (paid
for number of plays or count of free trial plays) contained in media
ticket smart cards,

playing by said cryptographic media player or said cryptographic
micro-mirror machine module (MMM) with its embedded said
cryptographic digital signal processor (C-DSP) means which is the
process done by the cryptographic micro-mirror module (MMM) player
using hybrid key cryptography to do digital media playing in a
controlled access manner using play codes (session keys or one-time
secret keys) and play counts (now contained within registers in the
cryptographic digital signal processor (C-DSP) means) and also the
double secret key decryption of a unique customer session key
decryption followed by a unique vendor secret key decryption being
directly used upon the custom encrypted one-way transfer of custom
session key encrypted digital media which is pre-unique vendor secret
key encrypted, with sequence number checks for countering recorded
replay attacks,
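The pass-thru encrypting means with a vendor-identification-indexed key table, the play code and play count records carried with a header, and the sequence number check against recorded replays described in the pass-thru, transferring and playing paragraphs above, as one added worked example in Python; it is not code from this application. Assumed: the header layout (vendor id, sequence count), the constructed per-vendor key table, and HMAC-SHA256 as both the authentication tag and the keystream source standing in for the on-chip secret key unit.

```python
"""Smart card -> player transfer of an encrypted play code record over a
wiretapable ('red') bus, keyed from a per-vendor table and protected
against recorded replay by a sequence count.  Added example, not code
from the patent application; header layout and keys are assumptions."""
import hashlib
import hmac
import struct

# Constructed per-vendor key table, pre-embedded in both card and player
# (the "row, column table indexed by a vendor identification number").
# Compromise of one vendor's row exposes that vendor only, unlike a
# single family key shared by every card and player.
VENDOR_KEY_TABLE = {
    1: {"enc": b"\xa1" * 32, "mac": b"\xa2" * 32},
    2: {"enc": b"\xb1" * 32, "mac": b"\xb2" * 32},
}

HEADER = struct.Struct(">HI")      # vendor id (16 bit) || sequence count (32 bit)
TAG_LEN = 32


def _pad(enc_key: bytes, header: bytes, length: int) -> bytes:
    """Keystream bound to the header, so each sequence count yields a
    fresh pad (stand-in for an AES counter-mode unit)."""
    if length > 32:
        raise ValueError("record body too long for this stand-in")
    return hmac.new(enc_key, b"pad" + header, hashlib.sha256).digest()[:length]


def card_send(vendor_id: int, seq: int, play_code: bytes, play_count: int) -> bytes:
    """Card side: header || E(play_code || play_count) || MAC(header || ct)."""
    keys = VENDOR_KEY_TABLE[vendor_id]
    body = play_code + struct.pack(">H", play_count)
    header = HEADER.pack(vendor_id, seq)
    ct = bytes(a ^ b for a, b in zip(body, _pad(keys["enc"], header, len(body))))
    tag = hmac.new(keys["mac"], header + ct, hashlib.sha256).digest()
    return header + ct + tag


class PlayerSlot:
    """Player side: keeps the last accepted sequence count per vendor in its
    cryptographic memory; anything not strictly newer is a replay."""

    def __init__(self):
        self.last_seq = {}

    def receive(self, record: bytes):
        if len(record) < HEADER.size + 2 + TAG_LEN:
            raise ValueError("truncated record")
        header, rest = record[:HEADER.size], record[HEADER.size:]
        ct, tag = rest[:-TAG_LEN], rest[-TAG_LEN:]
        vendor_id, seq = HEADER.unpack(header)
        keys = VENDOR_KEY_TABLE.get(vendor_id)
        if keys is None:
            raise ValueError("unknown vendor id")
        expected = hmac.new(keys["mac"], header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):       # authenticity first
            raise ValueError("bad MAC: record altered on the red bus")
        if seq <= self.last_seq.get(vendor_id, -1):      # then freshness
            raise ValueError("replayed record: sequence count not fresh")
        body = bytes(a ^ b for a, b in zip(ct, _pad(keys["enc"], header, len(ct))))
        play_code, play_count = body[:-2], struct.unpack(">H", body[-2:])[0]
        self.last_seq[vendor_id] = seq                   # commit after all checks
        return play_code, play_count


if __name__ == "__main__":
    slot = PlayerSlot()
    rec = card_send(1, 7, b"\x01" * 16, 3)
    print(slot.receive(rec))
    try:
        slot.receive(rec)                                # a recording replayed
    except ValueError as err:
        print("rejected:", err)
```

The MAC is verified before the sequence check and before decryption, so a bus tap that edits a record cannot drive the player's counter or its decryptor with attacker-chosen bytes; the counter is committed only after every check passes, so a rejected record leaves the slot state unchanged. The section's media triangle authentication checks a key by decrypting test data; the tag check here is the general form of that test.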

escrowing retrieval of lost, stolen, or disputed ownership media
ticket smart cards which is the process done by the customer, party
n, which collection of processes or methods of invention sets
systems standards and integrates components into a system which can
be used in the future for new forms of internationally standardized
cryptography sanctioned by industry trade groups such as the
Recording Industry Association of America (RIAA), the Secure Digital
Music Initiative (SDMI), the US National Association of Broadcasters
(NAB), and also national standards organizations such as the American
National Standards Institute (ANSI), the National Institute of
Standards and Technology (NIST), or the International
Telecommunication Union (ITU),



whereby the present invention creates several new processes in doing 
digital media distribution over the prior art Internet using secure 
World Wide Web (WWW) servers involving the cryptographically secure 
transfer or download to personal computers (PC's) of digital media with 
subsequent transfer to said cryptographic media players or said 
cryptographic micro-mirror machine modules (MMM) with embedded said 
cryptographic digital signal processors (C-DSP) means, 

whereby the present invention creates several processes for 
safeguarding multi-million dollar digital masters. 
PROCESS STEP 64. The process or methods of claim 63 whereby the 
process of cryptographing public key cryptography is the process done 
by said cryptographic micro-mirror module (MMM) having an embedded said 
cryptographic digital signal processor (C-DSP) means using public key 
cryptography which is the process of using public key cryptography 
authentication, encryption, and decryption using public keys (puk-n), 
and private keys (prk-n), stored within tamper resistant non-volatile 
memory (TNV-EEPROM) embedded within non-wiretapable ("black") 
cryptographic computing units in the example of cryptographic digital 
signal processors (C-DSP's), 
PROCESS STEP 65. The process of or methods of claim 63 whereby the 
process of cryptographing using secret key cryptography which is the 
process done by said cryptographic micro-mirror module (MMM) with its 
embedded said cryptographic digital signal processor (C-DSP) means 
using secret key cryptography which is the process of using secret key 
cryptography with a non-wiretapable ("black") bus, cryptographic 
computing unit in example of a cryptographic digital signal processing 
(C-DSP) means using secret keys (sek-n), or session keys (ssk-n), 
stored upon tamper resistant, non-volatile memory (TNV-EEPROM), which 
comprises the sub-process of: 

cryptographing using fast hardware session key cryptography which 
is the process done by a cryptographic digital signal processor 
(C-DSP) means inside of a cryptographic micro mirror module using 
hardware secret key cryptography which is the process of using a 
prior art, silicon compiler designed, dedicated hardware secret key 
sub-processor which is embedded within a secure ("black"), 
cryptographic digital signal processing (C-DSP) means with access to 
higher level tamper resistant non-volatile (TNV-EEPROM) ("black") 
memory for cryptographic key storage of private keys and secret keys, 
which hardware secret key sub-processor is much faster than software 
for secret key cryptography and is intended for fast, secret key 
cryptography encryption and decryption of block transferred digital 
media. 
(END CUT AND PASTE SECTION - RE-WORDED CLAIMS) 

ALTERNATIVE EMBODIMENTS - DETAILED DESCRIPTION OF FIGURES, DETAILED 
OPERATION OF FIGURES OF 1ST ALTERNATE EMBODIMENT 

Fig. 7 is a circuit block diagram of the 1st alternative embodiment of 
a cryptographic set-top box for "decrypting" custom encrypted media 
from high speed digital channels such as cable, phone, "over the air," 
direct broadcast satellite (DBS) system broadcast, or even "wireless 
Ethernet" "skip stoned" transmissions. 

ADVANTAGES OF ALTERNATIVE EMBODIMENTS - 1st Alternative Embodiment 

R. In the 1st alternative embodiment, an object of this invention is 
to support custom encrypted 'cellular radio' using MPEG X audio layer 3 
(MP3) compressed digital audio only, custom encrypted digital standard 
broadcast (SDTV) and digital high definition "bigscreen" television 
(HDTV) in digital "over the air" transmitted signals, or else cable 
distributed digital signals using high speed broadband cable modems, or 
else phone line distributed signals using high speed asymmetric digital 
subscriber line (ADSL) broadband modems, or else direct broadcast 
satellite (DBS) service transmitted signals, or "wireless Ethernet" 
Institute for Electrical and Electronic Engineers Standard 802.11c (100 
Mega bits/second) transmitted "stone skipped" signals, which are all 
custom decrypted using a cryptographic set-top box with a built-in 
media ticket smart card reader with an inserted matching media ticket 
smart card which is further attached to a digital television monitor. 
A digital television merely has a built-in set-top box of some form. 
The set-top box may have an additional attached audio/video digital 
recorder of some form or some level of intelligence. 

The HDTV/SDTV signal may have a new, from the inventor's cross-
referenced invention [REF 512], MPEG II extension for a very 
efficient cryptography "silhouette-like" technique background scene 
cutting and replacement method of introducing electronic television 
guide digital data. The digital picture in a picture (PIP) in a 
spreadsheet or matrix graphical user interface (GUI) will present the 
electronic television guide data and select future program recording. 

The "over the air" broadcast of (RECOMMENDED FUTURE FCC STANDARD) 
custom encrypted or "cipher text" standard digital broadcast signals 
such as High Definition Television (HDTV) or Standard Definition 
Television (SDTV) signals is supported in my invention with the viewer 
at home placing his own personal media ticket smart card into the 
cryptographic set-top box with a built-in media ticket smart card 
reader. The media ticket smart card will have pre-installed or else 
customer personal computer (PC) previously downloaded standard 
broadcast session keys (1-time secret keys which only in this case are 
shared by more than one viewer with the alternate name of family keys) 
which are turned into unique personalized play codes for each customer. 
Each play code will have a matching personalized play count (paid for 
numbers of plays, -1 for indefinite plays, or counts of free trial 
plays) for each customer used for digital video recording control of 
digital to digital copying. The personalization process of turning 
standard broadcast session keys into unique play codes is done by the 
authorized media distribution vendor who uses the customer's public key 
certificate authority (CA) database obtained unique public key to 
encrypt the session key into a unique play code. The personalized play 
code is Web down-loaded to the customer's Personal Computer (PC) with 
an attached media ticket smart card reader and the customer's media 
ticket smart card inserted. The customer will physically "footprint 
download" or walking step transfer his media ticket smart card to his 
"over the air" cryptographic set-top box with a built-in media ticket 
smart card reader and a connected digital recorder/cryptographic media 
player with a built-in media ticket smart card reader. An internet 
ready set-top box over broadband cable or broadband ADSL phone line 
(e.g. Web(R) TV) will be able to Internet download directly to the 
set-top box. The decryption process for the unique customer play count 
and play code is done in the set-top box/cryptographic media player. 
First the set-top box/cryptographic media player extracts the 
customer's unique private key, session key, or 'play code' from his 
inserted media ticket smart card. The customer private key is used in 
the accounting process of decrypting the 'play count' or secret key 
encrypted accounting figure to check for authorized paid for plays 
greater than 1, -1 for indefinite plays, or counts of free trial plays. 
A positive accounting verification allows continued extracting of the 
unique customer 'play code' or session key from the inserted customer 
media ticket smart card inserted into a built-in media ticket smart 
card reader. The set-top box/cryptographic media player retrieves from 
its own tamper resistant memory the authorized media vendor family key 
and also the unique vendor secret key. The play code is decrypted into 
a standard session key (1-time secret key shared in this case for 
standard broadcast only) using the customer's unique private key, the 
authorized media vendor secret key, and the media vendor family key. 
The session key is used to decrypt the encrypted broadcast media coming 
into the set-top box. This will support standard encrypted (not 
personally encrypted) broadcast media with standard session keys also 
called shared secret keys or family keys which are turned into 
personalized play codes and personalized play counts. The play codes 
and play counts will be customized to each home viewer through the use 
of unique public key encryption which only the customer's media ticket 
smart card holding the unique customer private key can decrypt. 
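The play code and play count flow just described, and the claim language above on double decryption with sequence number checks against recorded replay, as an added Python model that is not the patent's own code. It assumes constructed stand-ins: an HMAC-SHA256 keystream with encrypt-then-MAC in place of the hardware block cipher, and a per-customer symmetric wrap key in place of the customer's public key wrap (the standard library has no RSA); all keys and media bytes are constructed.

```python
# Added example, not the patent's code: a model of the play code / play count
# accounting described above, with the layered decryption order (customer key,
# then vendor secret key, then the shared session/family key) and a sequence
# number check against replayed ticket records. Constructed stand-ins: an
# HMAC-SHA256 keystream with encrypt-then-MAC replaces the hardware block
# cipher, and the customer's public-key wrap of the play code is modelled with
# a per-customer symmetric wrap key (the standard library has no RSA).
import hashlib, hmac, os, struct

def _subkeys(key):
    # separate keystream and MAC keys so the two HMAC uses never overlap
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream_xor(enc_key, nonce, data):
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(key, plaintext):
    # authenticated encryption: nonce || ciphertext || 16-byte tag
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]

def unwrap(key, blob):
    # verify the tag before decrypting; a tampered record is rejected
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return _keystream_xor(enc_key, nonce, ct)

def issue_ticket(vendor_secret_key, family_key, customer_key, play_count, seq=1):
    # vendor side: play code = family key under the vendor secret key, then
    # under the customer's key; play count record = seq || count (-1 = indefinite)
    play_code = wrap(customer_key, wrap(vendor_secret_key, family_key))
    record = wrap(customer_key, struct.pack(">Ii", seq, play_count))
    return play_code, record

def read_play_count(customer_key, record):
    # (sequence number, play count) from an authenticated play count record
    return struct.unpack(">Ii", unwrap(customer_key, record))

class Player:
    # set-top box / cryptographic media player; the vendor secret key lives in
    # its tamper resistant memory, the customer key comes from the inserted card
    def __init__(self, vendor_secret_key, customer_key):
        self.vendor_secret_key = vendor_secret_key
        self.customer_key = customer_key
        self.last_seq = 0  # highest play count record sequence accepted so far

    def play(self, play_code, record, encrypted_media):
        # account for one play, then decrypt; returns (media, updated record)
        seq, count = read_play_count(self.customer_key, record)
        if seq <= self.last_seq:
            raise PermissionError("replayed play count record")
        if count == 0:
            raise PermissionError("no plays remaining")
        self.last_seq = seq
        remaining = count if count == -1 else count - 1
        inner = unwrap(self.customer_key, play_code)         # customer layer
        session_key = unwrap(self.vendor_secret_key, inner)  # vendor layer
        media = unwrap(session_key, encrypted_media)         # media layer
        return media, wrap(self.customer_key, struct.pack(">Ii", seq + 1, remaining))
```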

The digitally recorded, standard broadcast, standard encrypted media 
can be decrypted by any customer with his own media ticket smart card 
having the appropriate standard broadcast play codes and play counts. 
The underlying session keys (1-time secret keys which in the standard 
broadcast case are not unique to each customer) are common. Transfer 
of the personalized play codes and play counts from one customer's to 
another customer's media ticket smart card can be done through a 
special process of the set-top box/cryptographic media player. 

One customer's recorded encrypted, standard broadcast digital media 
can possibly be decrypted by another customer's media ticket smart card 
with shared 'play codes' also called family keys or shared secret keys 
if per chance the two customers have recorded the same standard 
broadcast and both have downloaded their own unique play counts and 
play codes. 

The standard broadcast decryption goal of the media ticket smart 
card in this embodiment will support legal "fair use." The media 
ticket smart card held personalized play codes and play counts can also 
be transferred to a customer's back-up media ticket smart card for use 
in another location such as an automobile or another room. The 
standard session key encrypted digital HDTV or SDTV broadcast media can 
be digitally recorded upon a digital versatile disk read/write (DVD-RW 
(R), DVD+RW (R)), computer hard disk drive (HDD), or compact disk 
record once (CD-R) for legal "fair use" copying upon a personal 
computer. 

The media ticket smart card in this embodiment will support legal 
"first use." The media ticket smart card held play codes and play 
counts can be legally sold, or given away in entirety by using the 
cryptographic media player to re-package and transfer the personalized 
play codes and play counts in the media ticket smart card of the legal 
owner to the media ticket smart card of another legal owner. This 
process is explained as the same methods of the "first use" 
cryptographic key transfer from media ticket smart card A to media 
ticket smart card B. The recorded, standard session key encrypted 
digital media will also be transferred and will be useless without the 
media ticket smart card's matching play codes and play counts. 

The goal of an electronic television guide is available through a 
single digital tuner and the HDTV/SDTV signal using a very efficient 
(non-MPEG II or non-MPEG IV compliant) cryptography silhouette-like 
technique for transport of electronic television guide digital data. 
The electronic television guide data is displayed inside of a digital 
"picture in a picture (PIP)" by using a spreadsheet or matrix style of 
graphical user interface (GUI) for current program selection and future 
program recording. The inventor's related [REF 512] US Patent Pending 
Application No. 09/999,589, Filing Date Nov. 15, 2001, Filed by Kevin 
Kawakita, describes this process for the more limited setting of an 
aircraft digital video recording system (see BACKGROUND Cross-
Reference to My Related Inventions). 
ALTERNATIVE EMBODIMENTS - DETAILED DESCRIPTION OF FIGURES, DETAILED 
OPERATION OF FIGURES OF 2ND ALTERNATE EMBODIMENT 

Fig. 8 is a circuit block diagram of the 2nd alternative embodiment of 
a cryptographic micro mirror module (MMM) commercial movie theater 
system (C-MMM). 

ADVANTAGES OF ALTERNATIVE EMBODIMENTS - 2nd Alternative Embodiment 

S. An advantage of this invention in the 2nd alternative embodiment 
is to support a high performance, movie cryptographic media 
player/micro-mirror machine module (MMM) for commercial movie theater 
use. 
CONCLUSION, RAMIFICATIONS AND SCOPE OF INVENTION 

A. This invention supports physical distribution of internet 
"downloaded" custom encrypted digital media limited to digital music, 
digital movies, electronic newspapers, and electronic books (not 
including multi-media, computer games, or computer programs which need 
real-time computer program decryption) (see REFERENCES NON-PATENT 
LITERATURE [REF 500] - "The Secure Digital Music Initiative (SDMI)") 
for "playing" or decryption upon special cryptographic media players. 

B. This invention uses only one media ticket smart card per owner 
with many different digital media distribution vendors. 

C. This invention allows the owner's one media ticket smart card to 
be used with any owner's cryptographic media player [REF 508]. 

D. This invention stops the use of any unauthorized digital copying 
of digital media. 

E. This invention restricts one digital media distribution company's 
unencrypted digital masters only to itself and absolutely no other 
party, especially access by any other competing digital media 
distribution company. 
F. This invention allows count controlled play counts or counted 
decryptions of custom encrypted media including counts of free trial 
media plays. 

G. This invention provides all public key cryptography legal 
attributes such as: 

1). authentication (like an exchange of photo ID's or thumbprints) 

2). encryption/decryption (for privacy) 

3). integrity (wholeness or non-tampering) 

4). digital signatures (like handwritten signatures) 

5). non-repudiation (denying digital signatures) 

6). authorization (approval using digital signatures and dating 
or official post marks) 

7). archiving (storing digitally signed documents in a high 
integrity environment) 

8). accessibility (restricting access to authorized users) 

9). audit trail (recording accesses to information with public key 
ID's, dates, times, and locations) 

10). play counts/play codes for counting paid for and authorized 
personally encrypted digital media plays and for decrypting them 

11). crypto key splitting and key escrow 

12). crypto key administration and key architectures. 

H. This invention supports pass-thru encryption of cryptographic 
play codes (session keys or 1-time secret keys) and play counts (paid 
for numbers of plays, -1 for indefinite plays, or counts of free trial 
plays) for their trip from a media distribution company's central web 
server over the open internet to a customer's personal computer over 
wiretapable buses to a secure memory inside of a smart card inserted 
into a media ticket smart card reader attached to the personal 
computer. 

I. This invention supports physical transfer of encrypted digital 
media in the form of digital versatile disk read/write, compact disk 
record once, and FLASH memory cards and also the physical transfer of 
media ticket smart cards from a customer's personal computer to a 
cryptographic media player [REF 508]. 

J. This invention supports pass-thru encryption of cryptographic keys 
in the form of play codes (session keys or 1-time secret keys) and play 
counts (paid for numbers of plays, -1 for indefinite plays, counts of 
free trial plays) from a smart card inserted into a media ticket smart 
card reader built-into a cryptographic media player [REF 508] for 
transferring such keys over wiretapable ("red") computer buses to a 
cryptographic digital signal processor unit having its own tamper 
resistant non-volatile electrically erasable programmable read only 
memory which processor is contained inside of the cryptographic media 
player [REF 508]. 

Examples are pass-thru, encrypted, transfer of keys from smart 
cards to media ticket smart card readers (using media ticket smart card 
reader vendor family keys) to crypto-DSP's (using crypto-DSP vendor 
family keys) to crypto-CPU's (using crypto-CPU vendor family keys) to 
crypto-OS's (using crypto-OS family keys) to crypto-software (using 
crypto-software family keys). 

K. This invention supports an optional media ticket smart card 
citizen/customer authentication triangle between the three points of: 

point 1, customer A to (a first means of a passphrase/passcode, a 
second means of a bio-identification unit such as a digital 
fingerprint, a third means of a password mixed with pseudorandom 
noise called salt), to 

point 2, media ticket smart card A holding customer A's private 
keys, encrypted play codes with header, and encrypted play counts 
with header to prevent the use of stolen media ticket smart cards, to 

point 3, cryptographic media player [REF 508]. 

Any one of the three points which are detected as unauthorized 
will stop the media ticket smart card read/write process. 
L. This invention supports a cryptographic media authentication 
triangle between the three points of: 

point 1, a copy of 1-way transfer of customer session key encrypted 
digital media A, to 

point 2, media ticket smart card holding a customer A's private 
keys, encrypted play codes with header, and encrypted play counts 
with header, to 

point 3, cryptographic media player [REF 508]. 

Any one of the three points which are detected as unauthorized 
will stop the custom encrypted digital media playing process. 

M. This invention supports legal "fair use" of US copyrighted 
encrypted digital media or the archiving of unlimited custom encrypted 
copies for personal use. The purpose of "fair use" is to allow for 
recovery in case of accidental damage, theft, fire, flood, natural 
disaster, legal archiving, disputed legal ownership (as any divorced 
person will recognize), or one or at most two convenience copies in 
multiple locations used by the legal owner. Legal "fair use" also 
supports a home set of media and an auto set of media. 

N. This invention supports legal "first use" of US copyrighted 
encrypted digital media or the right to sell or transfer in entirety 
the encrypted digital media to another person and transfer only 
relevant media ticket smart card cryptographic keys to the other 
person's media ticket smart card. 

O. This invention supports lost and stolen media ticket smart cards. 

P. This invention supports non-copyrighted commercial material, home 
produced material, and previously recorded, non-encrypted digital 
copyrighted material by allowing unlimited unencrypted plays of the 
media. 

Q. This invention prevents use of this strong cryptography system of 
software and hardware by terrorist forces and countries which are 
enemies of the United States for military use of Command, Control, 
Communications, Computers, and Coordination (CCCCC or C Five). 
R. In the 1st alternative embodiment, this invention supports custom 
encrypted 'cellular radio' using MPEG X audio layer 3 (MP3) compressed 
digital audio, custom encrypted digital standard broadcast (SDTV) and 
digital high definition television (HDTV) in digital "over the air" 
transmitted signals, or else cable distributed digital signals using 
high speed broadband cable modems, or else phone line distributed 
signals using high speed asymmetric digital subscriber line (ADSL) 
broadband modems, or else direct broadcast satellite (DBS) service 
transmitted signals, or else "wireless Ethernet" Institute for 
Electrical and Electronic Engineers (IEEE) Standard 802.11c (100 Mega 
bits/second) "skip stoned" transmitted signals which are all custom 
decrypted using a cryptographic set-top box with a built-in media 
ticket smart card reader with an inserted matching media ticket smart 
card which is further attached to a television and audio/video digital 
recorder. 

S. In the 2nd alternative embodiment, this invention supports a high 
performance, movie cryptographic media player/micro-mirror machine 
module (MMM) for commercial movie theater use. 



While my above description contains many specifications, these 
should not be construed as limitations on the claims of the invention, 
but rather as an exemplification of some preferred embodiments. Many 
other alternative embodiments are possible. Different arrangements of 
computer hardware can be made to support this cryptography architecture 
and different levels of security can be supported. In addition, the 
cryptographic digital media can be centrally distributed in physical 
media along with pre-programmed media ticket smart cards. Use of 
different underlying ideal public key cryptology algorithms (816) will 
also support the ideal public key cryptography federated architecture 
requirements (312). Slightly different sequences in cryptographic 
protocols or cryptographic algebraic order can produce the same basic 
results. The entire scope of this invention should be determined by 
the accompanying legal claims listed just below and not by any specific 
embodiments thereof. 